2 files changed, 13 insertions, 6 deletions

diff --git a/lib/config/index.js b/lib/config/index.js
index 48e61b6c..bdbdfea9 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -1,4 +1,3 @@
-
 'use strict'
 
 const crypto = require('crypto')
@@ -31,7 +30,7 @@ const packageConfig = {
 }
 
 const configFilePath = path.resolve(appRootPath, process.env.CMD_CONFIG_FILE ||
-'config.json')
+  'config.json')
 const fileConfig = fs.existsSync(configFilePath) ? require(configFilePath)[env] : undefined
 
 let config = require('./default')
@@ -88,6 +87,14 @@ config.isStandardHTTPPort = (function isStandardHTTPPort () {
   return !config.useSSL && config.port === 80
 })()
 
+// Use HTTPS protocol if the internal TLS server is enabled
+if (config.useSSL === true) {
+  if (config.protocolUseSSL === false) {
+    logger.warn('Overriding protocolUseSSL to \'true\' as useSSL is enabled.')
+  }
+  config.protocolUseSSL = true
+}
+
 // cache serverURL
 config.serverURL = (function getserverurl () {
   let url = ''
@@ -147,8 +154,8 @@ for (let i = keys.length; i--;) {
   // and the config with uppercase is not set
   // we set the new config using the old key.
   if (uppercase.test(keys[i]) &&
-  config[lowercaseKey] !== undefined &&
-  fileConfig[keys[i]] === undefined) {
+    config[lowercaseKey] !== undefined &&
+    fileConfig[keys[i]] === undefined) {
     logger.warn('config.json contains deprecated lowercase setting for ' + keys[i] + '. Please change your config.json file to replace ' + lowercaseKey + ' with ' + keys[i])
     config[keys[i]] = config[lowercaseKey]
   }
diff --git a/lib/csp.js b/lib/csp.js
index 108f2a22..08efdd79 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -85,9 +85,9 @@ function getCspNonce (req, res) {
 
 function addUpgradeUnsafeRequestsOptionTo (directives) {
   if (config.csp.upgradeInsecureRequests === 'auto' && config.useSSL) {
-    directives.upgradeInsecureRequests = true
+    directives.upgradeInsecureRequests = []
   } else if (config.csp.upgradeInsecureRequests === true) {
-    directives.upgradeInsecureRequests = true
+    directives.upgradeInsecureRequests = []
   }
 }