Node.js Force SSL in production

Have you tried enforcing https for your app in Node?

Having researched (googled) innumerable solutions, what failed for us initially were the checks for

  • req.secure
  • req.protocol
  • req.connection.encrypted

None of those were reliable.

However, the check for the header value x-forwarded-proto was also somehow reliable for us.

Try pasting the following in your app.js or server.js and see if it works:

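// Redirect plain-HTTP requests to HTTPS. Only valid behind a proxy or load
// balancer that sets x-forwarded-proto itself.
function requireHTTPS(req, res, next) {
  if (req.headers['x-forwarded-proto'] === 'https') {
    return next();
  }
  // req.originalUrl keeps the query string, which req.path drops
  res.redirect('https://' + req.headers.host + req.originalUrl);
}
// Skip the redirect in development, where there is usually no TLS proxy
if (app.get('env') !== 'development') app.use(requireHTTPS);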
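
A hardened variant of the middleware above, as an added example that is not the post's own code. It assumes the app sits behind a proxy that overwrites x-forwarded-proto, redirects only to an allow-list of hosts instead of echoing the Host header (ALLOWED_HOSTS and DEFAULT_HOST are constructed placeholders), and sends HSTS on HTTPS responses. The simulate helper and its request objects are constructed so the block runs without Express.

```javascript
// Added example, not the post's code. Host names below are constructed placeholders.
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);
const DEFAULT_HOST = 'example.com';
const HSTS_MAX_AGE = 15552000; // 180 days, in seconds

function requireHTTPS(req, res, next) {
  // A proxy chain may send "https, http"; use the first entry, lower-cased.
  const proto = String(req.headers['x-forwarded-proto'] || '')
    .split(',')[0].trim().toLowerCase();
  if (proto === 'https') {
    // Tell browsers to skip plain HTTP on later visits.
    res.setHeader('Strict-Transport-Security', 'max-age=' + HSTS_MAX_AGE);
    return next();
  }
  // Host is client-controlled: only redirect to hosts we serve.
  const host = String(req.headers.host || '').toLowerCase();
  const target = ALLOWED_HOSTS.has(host) ? host : DEFAULT_HOST;
  // originalUrl keeps the query string; fall back to "/" if it is not a path.
  const url = String(req.originalUrl || '/');
  const path = url.startsWith('/') ? url : '/';
  // 301 for safe methods, 308 so POST/PUT keep their method and body.
  const status = req.method === 'GET' || req.method === 'HEAD' ? 301 : 308;
  res.redirect(status, 'https://' + target + path);
}

// Runs the middleware against a constructed request and records the outcome.
function simulate(method, headers, originalUrl) {
  const out = { passed: false, status: null, location: null, hsts: null };
  const res = {
    setHeader: (name, value) => {
      if (name.toLowerCase() === 'strict-transport-security') out.hsts = value;
    },
    redirect: (status, location) => { out.status = status; out.location = location; },
  };
  requireHTTPS({ method, headers, originalUrl }, res, () => { out.passed = true; });
  return out;
}

console.log(simulate('GET', { host: 'example.com' }, '/search?q=tls'));
console.log(simulate('POST', { host: 'unknown.invalid' }, '/login'));
console.log(simulate('GET', { host: 'example.com', 'x-forwarded-proto': 'https' }, '/'));
```

In an Express app, setting `trust proxy` makes req.protocol and req.secure read x-forwarded-proto as well.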
