res.redirect('/') from POST route redirects to HTTPS instead of HTTP in development

[Amanp30]

When running an Express.js application in a local development environment (served over HTTP), I'm observing an unexpected redirect to HTTPS when performing res.redirect('/') from a POST route. This behavior does not occur when redirecting from a GET route to a relative path, or when redirecting to a non-root path.

Steps to Reproduce:

Set up a basic Express.js application locally, explicitly configured to serve over HTTP (e.g., using const http = require("http"); http.createServer(app).listen(PORT);).

Define a simple POST route that performs a redirect to the root path:

const express = require('express');
const app = express();

app.use(express.json()); // Or express.urlencoded({ extended: true }) if handling form data

app.post('/test-post-redirect', (req, res) => {
  // This is the problematic redirect
  res.redirect('/');
});

// For comparison: A GET route that redirects to a non-root path (works as expected)
app.get('/test-get-redirect', (req, res) => {
  res.redirect('/some-other-path'); // This correctly redirects to http://localhost:PORT/some-other-path
});

// Define the root and a test target for clarity
app.get('/', (req, res) => {
  res.send('Welcome to the home page (HTTP)!');
});

app.get('/some-other-path', (req, res) => {
  res.send('This path was reached via HTTP redirect.');
});

// Assuming app is listening on http://localhost:3000

From a client (e.g., Postman, browser fetch API, or a simple HTML form), send a POST request to http://localhost:PORT/test-post-redirect.

Expected Behavior:

The browser should redirect to http://localhost:PORT/.

Actual Behavior:

The browser redirects to https://localhost:PORT/.

Express version 5.0.1

[albertoborit]

have you tried chrome://net-internals/#hsts?

[omchaudhary007]

Tested with the same code on Express 5.0.1 using a basic HTTP server. Sent a POST request via Postman—redirect stayed on HTTP (Location: /), no switch to HTTPS.

If HTTPS shows up, something in the environment (like a proxy, VPN, or Postman setting) might be affecting it. Worth checking the raw response headers to confirm.

[Amanp30]

Yes I tried chrome hsts way

[riazXrazor]

@Amanp30
unable to replicate so far with the provided same code.

btw what happens if you force redirect ?
res.redirect(http://localhost:${PORT}/);

[Amanp30]

When I create a new project everything works fine. I think my logic is wrong in that one controller. Thank you