Change secure check in production environment & Run with Heroku

[gimdongwoo]

req.secure is undefined in production evironment.

It works on heroku with https.

Thank you.

[facebook-github-bot]

By analyzing the blame information on this pull request, we identified @flovilmart, @drew-gross and @gimdongwoo to be potential reviewers.

[drew-gross]

Sweet! This looks like it should be pretty close to what we want. The X-Forwarded-Proto header can be spoofed on non-Heroku environments, though, so we need to deal with that. I think the idiomatic express-ey solution is to use app.enable('trust proxy') and then check req.proto. We should only use trust proxy if the user says it's OK, though, so that should be toggled with a flag. I think this flag could actually replace the allowInsecureHTTP flag, which would be pretty nice security improvement :)

[facebook-github-bot]

@gimdongwoo updated the pull request.

[mnoble]

Heh, I was just about open a pull request for this. This will also need to use req.headers['x-forwarded-for'] when available, in place of req.connection.remoteAddress. All requests appear as coming from localhost.

[gimdongwoo]

Then I've merged v1.0.5, heroku build fails. local is ok.

It's logs from heroku.

   > [email protected] postinstall /tmp/build_a465252b863b0e8ad56146460c5c3afb/gimdongwoo-parse-dashboard-b4433e8/node_modules/node-sass
   > node scripts/build.js

   ` /tmp/build_a465252b863b0e8ad56146460c5c3afb/gimdongwoo-parse-dashboard-b4433e8/node_modules/node-sass/vendor/linux-x64-47/binding.node ` exists.
   testing binary.
   Binary is fine; exiting.
   npm verb lifecycle [email protected]~postinstall: unsafe-perm in lifecycle true
   npm verb lifecycle [email protected]~postinstall: PATH: /tmp/build_a465252b863b0e8ad56146460c5c3afb/gimdongwoo-parse-dashboard-b4433e8/.heroku/node/lib/node_modules/npm/bin/node-gyp-bin:/tmp/build_a465252b863b0e8ad56146460c5c3afb/gimdongwoo-parse-dashboard-b4433e8/node_modules/node-sass/node_modules/.bin:/tmp/build_a465252b863b0e8ad56146460c5c3afb/gimdongwoo-parse-dashboard-b4433e8/node_modules/.bin:/tmp/build_a465252b863b0e8ad56146460c5c3afb/gimdongwoo-parse-dashboard-b4433e8/.heroku/node/bin:/tmp/build_a465252b863b0e8ad56146460c5c3afb/gimdongwoo-parse-dashboard-b4433e8/.heroku/node/bin:/app/bin:/app/vendor/bundle/bin:/app/vendor/bundle/ruby/2.3.0/bin:/usr/local/bin:/usr/bin:/bin:/tmp/codon/vendor/bin
   npm verb lifecycle [email protected]~postinstall: CWD: /tmp/build_a465252b863b0e8ad56146460c5c3afb/gimdongwoo-parse-dashboard-b4433e8/node_modules/node-sass
   npm info lifecycle [email protected]~postinstall: [email protected]
   npm info lifecycle [email protected]~postinstall: [email protected]
   npm info lifecycle [email protected]~postinstall: [email protected]
   npm info lifecycle [email protected]~postinstall: [email protected]
   npm info lifecycle [email protected]~postinstall: [email protected]
   npm info lifecycle [email protected]~postinstall: [email protected]
   npm info lifecycle [email protected]~postinstall: [email protected]
   npm info lifecycle [email protected]~postinstall: [email protected]
   npm info lifecycle [email protected]~postinstall: [email protected]
   npm verb unlock done using /app/.npm/_locks/staging-fff6510cd9f8731f.lock for /tmp/build_a465252b863b0e8ad56146460c5c3afb/gimdongwoo-parse-dashboard-b4433e8/node_modules/.staging
   npm info lifecycle [email protected]~preinstall: [email protected]
   npm info linkStuff [email protected]
   npm verb linkBins [email protected]
   npm verb linkMans [email protected]
   npm info lifecycle [email protected]~install: [email protected]
   npm info lifecycle [email protected]~postinstall: [email protected]
   npm info lifecycle [email protected]~prepublish: [email protected]

   > [email protected] prepublish /tmp/build_a465252b863b0e8ad56146460c5c3afb/gimdongwoo-parse-dashboard-b4433e8
   > webpack --config webpack/publish.config.js --progress

59% 53/64 build modulesContainer#eachAtRule is deprecated. Use Container#walkAtRules instead.
Container#eachRule is deprecated. Use Container#walkRules instead.
Container#eachDecl is deprecated. Use Container#walkDecls instead.
Node#removeSelf is deprecated. Use Node#remove.
31% 82/231 build modulesNode#before is deprecated. Use Node#raws.before
65% 992/1068 build mo
-----> Build failed

   We're sorry this build is failing! You can troubleshoot common issues here:
   https://devcenter.heroku.com/articles/troubleshooting-node-deploys

   Some possible problems:

   - Dangerous semver range (>) in engines.node
   https://devcenter.heroku.com/articles/nodejs-support#specifying-a-node-js-version

[drew-gross]

Heroku seems to be taking issue with the >= from

  "engines": {
    "node": ">=4.3"
  },

in package.json. Try changing that to use an exact version of node and see if that helps. If not, the steps in that troubleshooting link might help (especially the "clean slate" step).

[facebook-github-bot]

@gimdongwoo updated the pull request.

[gimdongwoo]

This causes an error during the build on Heroku.

[src/dashboard/index.js]
import "babel-polyfill";

If it do not use, operation with no problem.

Many people like to use the parse dashboard & server on Heroku. So do I.

Thank you!!

[drew-gross]

The babel-polyfill is important to make sure the dashboard works on older browsers, we can't remove that.

[facebook-github-bot]

@gimdongwoo updated the pull request.