Enabling HTTPS

In this lesson, we’ll learn how to enable users to connect to the application via HTTPS, adding an extra layer of security and encryption.

HTTPS protocol

Any user-facing application nowadays should not only be allowing but also forcing its users to connect over HTTPS. This is a layer of security added on top of HTTP, making sure all connections are encrypted via a trusted certificate. Once again, we won’t try to come up with a definition, instead using the following one from MDN:

“HTTPS (HyperText Transfer Protocol Secure) is an encrypted version of the HTTP protocol. It uses SSL or TLS to encrypt all communication between a client and a server. This secure connection allows clients to safely exchange sensitive data with a server, such as when performing banking activities or online shopping.”

By enabling HTTPS connections in our application, we’re making sure that it’s way harder to intercept and interpret requests. Without this, a malicious user can, for instance, intercept a login request and have access to the user’s password and username combination. We’re protecting the user’s sensitive data.

Because we’re using Oak in our application, we’ll look for a solution on how to support HTTPS connections in its documentation. By looking at https://doc.deno.land/https/deno.land/x/oak@v6.3.1/mod.ts, we can see that the Application.listen method receives a configuration object, the same one we previously used to send the port variable. That’s what we’ll use to enable HTTPS.

Let’s see how we can change Oak’s configuration so that it supports secure connections, by following these steps:

1. Go to src/web/index.ts, and add the secure, keyFile, and certFile options to the listen method call, as follows: