Hapi Enforce HTTPS Plugin

Hapi plugin which forces to use HTTPS protocol in selected endpoints.

It's responsible for blocking non-secured incoming requests to the resources. All requests which aren't via HTTPS will return a Bad request error (400) except the ones specified in excludePaths option. This plugin isn't for redirecting from non-secured resources to secured ones. There's already a plugin for that.

Installtion

npm install @plan3-relate/hapi-enforce-https

Usage

const Hapi = require('hapi');
const server = new Hapi.Server();
const enforceHttps = require('@plan3-relate/hapi-enforce-https');


// register the plugin 
server.register({
  register: enforceHttps,
  options: {
    enforceHttps: true,
    excludePaths: ['/health']
  }
});