Add HTTPS enforcement middleware for production deployments (Issue #701)

[anshul23102]

Summary

Implement automatic HTTP to HTTPS redirection in production environments. This ensures that all credentials and sensitive data are transmitted only over encrypted HTTPS connections, preventing man-in-the-middle attacks and credential leaks.

Changes

• Create httpsRedirect middleware that checks x-forwarded-proto header
• Redirect HTTP requests to HTTPS in production
• Add middleware to server.js before other routes
• Handles reverse proxy scenarios (Netlify, Heroku, etc.)

Testing

1. Set NODE_ENV=production
2. Make HTTP request to server
3. Verify automatic redirect to HTTPS
4. Verify credentials are transmitted only over HTTPS
5. Test with reverse proxy headers (x-forwarded-proto)
6. Verify localhost development still works without redirect

Type of Change

• Security fix
• Infrastructure

Contributor Declaration

This contribution is original work and I have the right to contribute this code to the project. I understand that the project is licensed under its respective license and my contributions will be available under the same license terms.

Closes #701

[coderabbitai]

Warning

Review limit reached

@anshul23102, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 59 minutes and 9 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 11410604-3a91-41a8-9c95-7442ff8ec09f

📥 Commits

Reviewing files that changed from the base of the PR and between 53f820b and c29724c.

📒 Files selected for processing (2)

• backend/middleware/httpsRedirect.js
• backend/server.js

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[netlify]

✅ Deploy Preview for github-spy ready!

Name	Link
🔨 Latest commit	c29724c
🔍 Latest deploy log	https://app.netlify.com/projects/github-spy/deploys/6a209d2b5d46150008bc2acf
😎 Deploy Preview	https://deploy-preview-706--github-spy.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[anshul23102]

Could the maintainers please add relevant labels to this PR? Suggested labels:

• gssoc:approved
• type:security
• severity:high
• area:security
• area:infrastructure

This would help with issue tracking and organization. Thank you!