From f4106a15aacf37e60bfcad1a3dbb2f4132828198 Mon Sep 17 00:00:00 2001
From: Frankie Roberto <frankie@frankieroberto.com>
Date: Fri, 14 Feb 2025 10:04:26 +0000
Subject: [PATCH] Add comment

---
 lib/middleware/production.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/middleware/production.js b/lib/middleware/production.js
index b74f68334..a32f34546 100644
--- a/lib/middleware/production.js
+++ b/lib/middleware/production.js
@@ -14,6 +14,10 @@ function production(req, res, next) {
   console.log(req.headers)
 
   // Redirect to HTTPS if page requested over HTTP
+  // This relies on the X-Forwarded-Proto HTTP header as hosts
+  // like Heroku place apps behind a load balance which uses HTTPS
+  // internally. The X-Forwarded-Proto reveals the protocol of the
+  // original request.
   if (req.headers['x-forwarded-proto'] === 'http') {
     return res.redirect(302, 'https://' + req.get('Host') + req.url)
   } else {