npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

koa-www-force

v1.0.1

Published

Enforces www for node.js koa projects

Downloads

234

Readme

Koa force www

This simple Koa.js middleware enforces www subdomain (or the opposite) on any incoming requests. In case of a non-subdomain (or the opposite) request, koa-www-force automatically redirects to the required subdomain using a 301 permanent redirect.

koa-www-force also works behind reverse proxies (load balancers) as they are for example used by Heroku and nodejitsu. In such cases, however, the trustHostHeader parameter has to be set (see below).

Install

$ npm install koa-www-force

API

enforceWWW(options);

params: {Hash} options

return: {Function}

Available Options

  • www [Boolean] - wether to add or remove www subdomain from the urls (default is true)
  • trustHostHeader [Boolean] - trust x-forwarded-host header from Heroku, nodejitsu or any other proxy (default is false)
  • useHTTPS [Boolean] - to redirect to the https version of the domain (default is false)
  • ignoreUrl [Boolean] - ignore request url, redirect all requests to root (default is false)
  • temporary [Boolean] - use 302 Temporary Redirect (default is to use 301 Permanent Redirect)
  • redirectMethods [Array] - Whitelist methods that should be redirected (default is ['GET', 'HEAD'])
  • internalRedirectMethods [Array] - Whitelist methods for 307 Internal Redirect (default is [])

Reverse Proxies (Heroku, Nodejitsu and others)

Heroku, nodejitsu and other hosters often use reverse proxies which offer SSL endpoints but then forward unencrypted HTTP traffic to the website. This makes it difficult to detect if the original host came with or without www. Luckily, most reverse proxies set the x-forwarded-host header flag with the original request scheme. koa-www-force is ready for such scenarios, but you have to specifically request the evaluation of this flag:

app.use(enforceWWW({
  trustHostHeader: true
}))

Please do not set this flag if you are not behind a proxy that is setting this header as such flags can be easily spoofed in a direct client/server connection.

Usage

Without Reverse Proxy

Add www subdomain to all pages

const Koa = require('koa');
const enforceWWW = require('koa-www-force');
const app = new Koa();

// Force www on all page
app.use(enforceWWW());

Remove www subdomain from all pages

const Koa = require('koa');
const enforceWWW = require('koa-www-force');
const app = new Koa();

// Remove www on all pages
app.use(enforceWWW({
  www: false
}));

With Reverse Proxy

const Koa = require('koa');
const enforceWWW = require('koa-www-force');
const app = new Koa();

// Force www on all page
app.use(enforceWWW({
  trustHostHeader: true
}));

Advanced Redirect Setting

Redirect Methods

By default only GET and HEAD methods are whitelisted for redirect. koa-www-force will respond with 403 on all other methods. You can change whitelisted methods by passing redirectMethods array to options.

Internal Redirect Support [POST/PUT]

By default there is no HTTP(S) methods whitelisted for 307 internal redirect. You can define custom whitelist of methods for 307 by passing internalRedirectMethods array to options. This should be useful if you want to support POST and PUT delegation from HTTP to HTTPS. For more info see this article.

License

MIT

Credits

This project is inspired and based on the wonderful work of koa-sslify