From ada566af540ab762b9a99983edb75dc0419d527a Mon Sep 17 00:00:00 2001
From: Geoffrey Wu <geoffreywu1000@gmail.com>
Date: Sat, 12 Oct 2024 16:20:12 -0400
Subject: [PATCH] fix redirect loop

---
 index.js                    | 2 ++
 server/https-enforcement.js | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index d8953b6b..86077054 100644
--- a/index.js
+++ b/index.js
@@ -23,6 +23,8 @@ if (process.env.NODE_ENV !== 'production') {
   app.use(morgan('dev'));
 }
 
+// https://stackoverflow.com/questions/10348906/how-to-know-if-a-request-is-http-or-https-in-node-js
+app.enable('trust proxy');
 app.use(hostnameRedirection);
 app.use(httpsEnforcement);
 
diff --git a/server/https-enforcement.js b/server/https-enforcement.js
index c7ef0c3d..286ab854 100644
--- a/server/https-enforcement.js
+++ b/server/https-enforcement.js
@@ -2,7 +2,7 @@ export default function httpsEnforcement (req, res, next) {
   const hostname = req.hostname;
 
   // Use HTTPS if not on localhost
-  if (req.protocol !== 'https' && !['localhost', '127.0.0.1'].includes(hostname)) {
+  if (!req.secure && !['localhost', '127.0.0.1'].includes(hostname)) {
     return res.redirect(301, `https://${hostname}${req.originalUrl}`);
   }