Missing https protocol detected.

• Rule ID: javascript_express_https_protocol_missing
• Languages: javascript
• Source: https_protocol_missing.yml

Description

Use HTTPS wherever possible. HTTPS uses the TLS (Transport Layer Security) protocol to encrypt communication, making it more secure than HTTP.

Remediations

✅ Use the https module when calling createServer()

var https = require('https');
var express = require('express');
var app = express();

var httpsServer = https.createServer(app)
httpsServer.listen(8080);

Resources

• Express Security Best Practices: use TLS

Associated CWE

• CWE-693: Protection Mechanism Failure

OWASP Top 10