Even though this question is nearly 3 years old, there are a few subtle issues with the previously posted answers (and their comments), as well as some good advice in the comments that didn't make it back into the answers themselves. Here's a few important things to note:
- Don't hardcode the
http://
or https://
in the redirect URI; this makes life suck when switching between dev and prod environments - use req.protocol
instead.
- Also note that in order to use
req.protocol
reliably behind a proxy performing SSL termination (such as Elastic Load Balancer), you need to make sure that the trust proxy
setting is enabled. This will ensure that req.protocol
returns the protocol that the browser sees, not the protocol that finally made it to your app server.
- The accepted answer has a logic bug, as it matches on
/^www/
, but formats the redirect URI with /^www./
. In practice that probably won't bite anyone, but it would result in infinite redirect loops for something like wwwgotcha.example.com
.
- Be sure to use
req.headers.host
instead of req.host
, as the latter strips out the port number. So, if you were to handle a request for www.example.com:3000
, you'd redirect the user to www.example.com
, minus the correct port number.
- As Dário pointed out, you'll typically want to use a 301 redirect when going from www to non-www (or vice versa) for SEO purposes.
- The last issue is the most minor, but it's generally safer to use
req.originalUrl
when creating redirect URIs, just in case you happen to be running in a mounted "sub app".
All that being said, here's my recommended approach that takes the above into consideration:
function wwwRedirect(req, res, next) {
if (req.headers.host.slice(0, 4) === 'www.') {
var newHost = req.headers.host.slice(4);
return res.redirect(301, req.protocol + '://' + newHost + req.originalUrl);
}
next();
};
app.set('trust proxy', true);
app.use(wwwRedirect);
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…