Changed force SSL method to send headers.

lelas · Apr 5, 2022 · 6eaf090 · 6eaf090
1 parent 22195a0
commit 6eaf090
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/pages/_middleware.js b/pages/_middleware.js
@@ -1,13 +1,12 @@
 import { NextResponse } from 'next/server';
 
-function redirectHTTPS(req) {
-  const host = req.headers.get('host');
-  if (
-    process.env.FORCE_SSL &&
-    process.env.NODE_ENV === 'production' &&
-    req.nextUrl.protocol === 'http:'
-  ) {
-    return NextResponse.redirect(`https://${host}${req.nextUrl.pathname}`, 301);
+function forceSSL(req) {
+  if (process.env.FORCE_SSL && req.nextUrl.protocol === 'http:') {
+    const response = NextResponse.next();
+
+    response.headers.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
+
+    return response;
   }
 }
 
@@ -32,7 +31,7 @@ function disableLogin(req) {
 }
 
 export function middleware(req) {
-  const fns = [redirectHTTPS, customScriptName, disableLogin];
+  const fns = [customScriptName, disableLogin, forceSSL];
 
   for (const fn of fns) {
     const res = fn(req);