If you use the core
force-ssl package with wildcard subdomains all pointing to the same server, then when navigating to http://demo.example.com, you’ll get redirected to https://example.com (assuming you started your app instance with
That’s not good if you’re detecting the subdomain in app code and serving up different content based on that.
In the last commit to the
force-ssl package, the following change was made:
var host = req.headers.host || 'no-host-header';
was replaced with
var host = url.parse(Meteor.absoluteUrl()).hostname;
By forking the package and changing that line back to the original, I can get
http://demo.example.com to redirect to
So there is a working solution, but I’m not entirely happy with having to hack the package source. From the code comments before that change (below), it appears there was a good reason for making the change:
// if we don't have a host header, there's not a lot we can do. We // don't know how to redirect them. // XXX can we do better here?
Does anyone have a better way of achieving this?