From 047065a2fc3268590990d949fd5ab38a7518f4ad Mon Sep 17 00:00:00 2001
From: Joe Lanman <joelanman@gmail.com>
Date: Tue, 4 Apr 2017 17:08:00 +0100
Subject: [PATCH] de-duplicate forceHttps

---
 server.js | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/server.js b/server.js
index 36b17f4862..8d93328ff7 100644
--- a/server.js
+++ b/server.js
@@ -40,8 +40,12 @@ if (!useDocumentation) promoMode = 'false'
 // Force HTTPs on production connections. Do this before asking for basicAuth to
 // avoid making users fill in the username/password twice (once for `http`, and
 // once for `https`).
-if (env === 'production' && useHttps === 'true') {
+
+var isSecure = (env === 'production' && useHttps === 'true')
+
+if (isSecure) {
   app.use(utils.forceHttps)
+  app.set('trust proxy', 1) // needed for secure cookies on heroku
 }
 
 // Authenticate against the environment-provided credentials, if running
@@ -107,15 +111,6 @@ app.locals.promoMode = promoMode
 app.locals.releaseVersion = 'v' + releaseVersion
 app.locals.serviceName = config.serviceName
 
-var isSecure = false
-
-// Force HTTPs on production connections
-if (env === 'production' && useHttps === 'true') {
-  app.use(utils.forceHttps)
-  app.set('trust proxy', 1) // needed for secure cookies on heroku
-  isSecure = true
-}
-
 // Support session data
 app.use(session({
   cookie: {