Added middleware to force all routes to be https

server.js

@@ -6,6 +6,7 @@ const app = express();
 app.use(express.static(`${__dirname}/build`));
 app.use(require('body-parser').json({ limit: '25mb' }));
 app.use(require('cookie-parser')());
+app.use(require('./server/forcessl.mw.js'));
 
 const config = require('nconf')
 	.argv()
@@ -23,7 +24,7 @@ mongoose.connection.on('error', ()=>{
 });
 
 
-//Account MIddleware
+//Account Middleware
 app.use((req, res, next)=>{
 	if(req.cookies && req.cookies.nc_session){
 		try {

server/forcessl.mw.js

@@ -0,0 +1,7 @@
+module.exports = (req, res, next) => {
+	if(process.env.NODE_ENV === 'local') return next();
+	if(req.header('x-forwarded-proto') !== 'https') {
+		return res.redirect(302, `https://${req.get('Host')}${req.url}`);
+	}
+	return next();
+};