Closed danimbrogno closed 2 years ago
Have you tried to enable proxy?
This option will try to forward reverse proxy option to the app.
app.enable('trust proxy');
Thanks for the tip, I'll look into that now.
Hm, no in my situation that doesn't seem to help.
Even with the following initialization code, request.protocol is still "http".
import { Logger } from '@nestjs/common';
import { NestFactory } from '@nestjs/core';
import { NestExpressApplication } from '@nestjs/platform-express';
import { AppModule } from './app/app.module';
import { config } from './config';
async function bootstrap() {
const app = await NestFactory.create<NestExpressApplication>(AppModule.forRoot(config));
app.set('trust proxy');
const port = process.env.PORT || 3333;
await app.listen(port, () => {
Logger.log('Application listening on: ' + port + '/');
});
}
bootstrap();
This is the document related to that issue.
app.set('trust proxy', 1)
...
if (req.secure) {
// Do something when HTTPS is used
}
We could use both request.protocol together with requset.secure to check for HTTPS, I think
@vh13294 ran into the same issue today, with render.com. So what is the solution? @danimbrogno how did you solved it?
@vh13294 ran into the same issue today, with render.com. So what is the solution? @danimbrogno how did you solved it?
Instead of using SignedUrlGuard exported by this module I use the code I posted in the first message: https://github.com/vh13294/nestjs-url-generator/issues/7#issue-1013684402
Great module but I ran into an issue when implementing it.
My app is deployed to Azure App Service, which terminates the SSL connection before it hits the application.
So even though the original request is made over https,
request.protocol = 'http'
by the time the request hits the app.Therefore
isSignatureValid
method determines that the request is invalid. Azure App Service forwards the orginal protocol in the header 'x-forwarded-proto', so I hacked around this with this re-implementation of 'SignedUrlGuard'.But a cleaner approach would be an ability to customize how the request is read. Would you accept a PR around this?