Added helmet secure headers and HTTPS redirection.

K
2025-07-18 01:21:07 +05:30
parent 351f57229c
commit 001727ab85
+11
@@ -1,6 +1,7 @@
const express = require("express"); const express = require("express");
const cors = require("cors"); const cors = require("cors");
const cookieParser = require("cookie-parser"); const cookieParser = require("cookie-parser");
const helmet = require("helmet");
const userRoute = require("./Routes/user.routes.js"); const userRoute = require("./Routes/user.routes.js");
const farmRoute = require("./Routes/farm.routes.js"); const farmRoute = require("./Routes/farm.routes.js");
@@ -17,6 +18,8 @@ dotenv.config({
const app = express(); const app = express();
app.use(helmet()); // Secure headers
const corsOptions = { const corsOptions = {
origin: process.env.FRONTEND_URI, origin: process.env.FRONTEND_URI,
methods: "GET,HEAD,PUT,PATCH,POST,DELETE", methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
@@ -43,4 +46,12 @@ app.use("/api/v1/finance", financeRoute);
app.use("/api/v1/task", taskRoute); app.use("/api/v1/task", taskRoute);
// Redirect HTTP to HTTPS (works behind proxy)
app.use((req, res, next) => {
if (req.headers["x-forwarded-proto"] !== "https" && process.env.NODE_ENV === "production") {
return res.redirect(`https://${req.headers.host}${req.url}`);
}
next();
});
module.exports = app; module.exports = app;
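Review bot: The HTTPS redirect in the last hunk is registered after the `/api/v1/...` routers, so any request one of those routers answers never reaches it and is served over plain HTTP; it has to be mounted before the routes (right after `const app = express();`) to cover the API. The redirect target is also built from `req.headers.host`, which the client controls, so a forged Host header turns the response into a redirect to an arbitrary site; a configured canonical hostname avoids that. Comparing the raw `x-forwarded-proto` header is only sound when a proxy always overwrites it, which these hunks do not show; setting `trust proxy` and checking `req.secure` lets Express decide which hop to believe. Most of the route mounting and the rest of the file lie outside the visible hunks, so the placement below is a sketch.

```javascript
const app = express();
// Trust only the first proxy hop; adjust the value to the actual deployment.
app.set("trust proxy", 1);
// Redirect HTTP to HTTPS before any route is mounted.
app.use((req, res, next) => {
  if (process.env.NODE_ENV === "production" && !req.secure) {
    // PUBLIC_HOST is a placeholder name for a configured canonical hostname.
    return res.redirect(`https://${process.env.PUBLIC_HOST}${req.originalUrl}`);
  }
  next();
});
app.use(helmet()); // Secure headers
// … unchanged: CORS options, parsers, route mounting …
```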