Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,191 --> 00:00:02,870
In this lecture, we're very quickly
2
00:00:02,870 --> 00:00:07,210
gonna learn how to test for secure https connections,
3
00:00:07,210 --> 00:00:08,730
with a Heroku,
4
00:00:08,730 --> 00:00:11,041
because we actually need that, at one point,
5
00:00:11,041 --> 00:00:12,983
in our application.
6
00:00:14,540 --> 00:00:18,560
So, let's go here to our authentication controller.
7
00:00:18,560 --> 00:00:21,060
And right here at the top,
8
00:00:21,060 --> 00:00:24,049
in this create sent token function,
9
00:00:24,049 --> 00:00:26,840
here is the place where we set
10
00:00:26,840 --> 00:00:30,240
the adjacent web cookie to secure,
11
00:00:30,240 --> 00:00:32,343
if we are currently in production.
12
00:00:33,300 --> 00:00:34,661
Remember that.
13
00:00:34,661 --> 00:00:37,630
So, remember that we created this function
14
00:00:37,630 --> 00:00:39,270
with adjacent response,
15
00:00:39,270 --> 00:00:41,255
it also sends a cookie,
16
00:00:41,255 --> 00:00:44,670
which also contains the adjacent web token.
17
00:00:44,670 --> 00:00:47,090
And that cookie has a couple of options.
18
00:00:47,090 --> 00:00:49,260
The first one, when it expires.
19
00:00:49,260 --> 00:00:50,093
The second one,
20
00:00:50,093 --> 00:00:54,490
that it can only be accessed via http basically.
21
00:00:54,490 --> 00:00:56,570
And then, when we're in production,
22
00:00:56,570 --> 00:00:59,344
we said that this cookie can only be sent
23
00:00:59,344 --> 00:01:01,480
on a secure connection.
24
00:01:01,480 --> 00:01:04,769
So, basically, on an https connection.
25
00:01:04,769 --> 00:01:05,810
All right.
26
00:01:05,810 --> 00:01:08,117
Now, the problem with that is that actually,
27
00:01:08,117 --> 00:01:10,810
the fact that we are in production,
28
00:01:10,810 --> 00:01:14,370
does not mean that connection is actually secure.
29
00:01:14,370 --> 00:01:15,340
Right?
30
00:01:15,340 --> 00:01:18,200
Because of course, not all deployed applications
31
00:01:18,200 --> 00:01:21,470
are automatically set to https.
32
00:01:21,470 --> 00:01:25,021
And so we need to change this if that we have here.
33
00:01:25,021 --> 00:01:25,892
All right.
34
00:01:25,892 --> 00:01:29,700
Now, in express we actually have a secure property
35
00:01:29,700 --> 00:01:31,860
that is on the request.
36
00:01:31,860 --> 00:01:33,682
And only when the connection is secure,
37
00:01:33,682 --> 00:01:38,630
then this request dot secure is true.
38
00:01:38,630 --> 00:01:39,463
Okay?
39
00:01:39,463 --> 00:01:41,090
Makes sense, right?
40
00:01:41,090 --> 00:01:43,790
Now the problem is, that actually in Heroku,
41
00:01:43,790 --> 00:01:45,370
this doesn't work.
42
00:01:45,370 --> 00:01:47,107
And that's because Heroku proxy's,
43
00:01:47,107 --> 00:01:52,107
so basically redirect or modifies all incoming requests
44
00:01:52,290 --> 00:01:56,170
into our application before they actually reach the app.
45
00:01:56,170 --> 00:01:57,003
All right.
46
00:01:57,003 --> 00:02:00,682
So, in order to make this also work on Heroku
47
00:02:00,682 --> 00:02:04,200
we need to also test if the x forward proto
48
00:02:04,200 --> 00:02:06,952
header is set to https.
49
00:02:06,952 --> 00:02:07,785
All right.
50
00:02:07,785 --> 00:02:09,204
So, that sounds a bit confusing,
51
00:02:09,204 --> 00:02:13,170
but again, this is something Heroku does internally.
52
00:02:13,170 --> 00:02:16,549
So, let's test here if req.secure is true,
53
00:02:16,549 --> 00:02:21,549
or if req.headers.
54
00:02:22,134 --> 00:02:27,134
And the header that we're looking for is x forwarded proto.
55
00:02:29,820 --> 00:02:33,830
And this header is set to https
56
00:02:33,830 --> 00:02:36,210
if we are on a secure connection.
57
00:02:36,210 --> 00:02:37,050
All right?
58
00:02:37,050 --> 00:02:40,190
So, this is something very Heroku specific.
59
00:02:40,190 --> 00:02:43,870
And that's why I left this here for the last section,
60
00:02:43,870 --> 00:02:46,113
after we already deployed the application.
61
00:02:46,950 --> 00:02:50,700
So, if either req.secure is true,
62
00:02:50,700 --> 00:02:55,150
or if this header here is set to https,
63
00:02:55,150 --> 00:02:58,660
then we want the secure options here set to true.
64
00:02:58,660 --> 00:03:01,213
And, so, we can actually refactor this.
65
00:03:02,680 --> 00:03:04,500
So, basically we can take this,
66
00:03:04,500 --> 00:03:06,180
because this will be true.
67
00:03:06,180 --> 00:03:08,186
And, so, I say if this is true,
68
00:03:08,186 --> 00:03:10,860
then let's say equal true here.
69
00:03:10,860 --> 00:03:12,041
So, that doesn't make sense.
70
00:03:12,041 --> 00:03:15,023
We can instead simply do it like this.
71
00:03:16,590 --> 00:03:18,110
All right?
72
00:03:18,110 --> 00:03:20,820
And, actually, we can take it even further.
73
00:03:20,820 --> 00:03:23,883
And put the secure option right here.
74
00:03:25,350 --> 00:03:28,313
So, why have it outside if we can just put it here?
75
00:03:29,150 --> 00:03:33,823
So, secure equals this, okay?
76
00:03:35,550 --> 00:03:37,723
And then we no longer need this.
77
00:03:38,910 --> 00:03:41,370
And, since we're refactoring,
78
00:03:41,370 --> 00:03:46,173
we actually no longer need this variable here at all.
79
00:03:48,130 --> 00:03:50,946
So, let's just put it here, give it a safe,
80
00:03:50,946 --> 00:03:53,520
and there's something wrong there.
81
00:03:53,520 --> 00:03:55,950
Okay, and so, now the problem is that
82
00:03:55,950 --> 00:03:59,190
do not have access currently to the request
83
00:03:59,190 --> 00:04:00,680
in this function.
84
00:04:00,680 --> 00:04:03,103
Okay, so, we need to add it here.
85
00:04:04,050 --> 00:04:09,050
Request and then wherever we have create sent token,
86
00:04:09,120 --> 00:04:11,693
we of course need to pass in the request in there.
87
00:04:13,020 --> 00:04:14,063
So, that's here.
88
00:04:17,000 --> 00:04:19,762
So, use command D to find the next one basically.
89
00:04:21,149 --> 00:04:22,353
Request here.
90
00:04:27,740 --> 00:04:31,193
And then finally here as well.
91
00:04:33,010 --> 00:04:36,352
Okay, so, that looks much nicer
92
00:04:36,352 --> 00:04:40,940
and it should also work a lot nicer than before.
93
00:04:40,940 --> 00:04:44,480
However, right now, this is still not going to be working,
94
00:04:44,480 --> 00:04:47,460
because there's just one more thing that we need to do,
95
00:04:47,460 --> 00:04:51,350
which is basically to make our application trust proxy's.
96
00:04:51,350 --> 00:04:54,180
So, again, request dot secure doesn't work
97
00:04:54,180 --> 00:04:57,550
in the first place because Heroku acts as a proxy,
98
00:04:57,550 --> 00:05:01,500
which kind of redirects and modifies incoming requests.
99
00:05:01,500 --> 00:05:04,819
And, so, we need to go to app dot JS
100
00:05:04,819 --> 00:05:08,010
and then right after this one here,
101
00:05:08,010 --> 00:05:10,640
let's now trust proxy's.
102
00:05:10,640 --> 00:05:15,033
And we do that by saying app dot enable trust proxy.
103
00:05:20,680 --> 00:05:21,513
Okay?
104
00:05:21,513 --> 00:05:24,498
So, this is something that is built into express
105
00:05:24,498 --> 00:05:26,980
for this kind of situations.
106
00:05:26,980 --> 00:05:27,813
All right?
107
00:05:27,813 --> 00:05:31,400
And so, only if we have this setting here correctly set up,
108
00:05:31,400 --> 00:05:35,210
then this header here will be correctly set,
109
00:05:35,210 --> 00:05:38,483
and we will be able to read its value.
110
00:05:39,450 --> 00:05:40,410
All right?
111
00:05:40,410 --> 00:05:44,470
So, this is how you test if a connection is secure or not,
112
00:05:44,470 --> 00:05:47,363
when you have your application deployed to Heroku.
8312
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.