* setup in-app ssl redirects for Heroku * add typings * use trustProtoHeader * BE w3 read fix for read_user_proposal * No HTTPS redirect on dev