redirects to https for unsecure locations on app transition

wherehows-web/app/router.js

@@ -3,6 +3,7 @@ import { get, getWithDefault } from '@ember/object';
 import { inject as service } from '@ember/service';
 import { scheduleOnce } from '@ember/runloop';
 import config from './config/environment';
+import { redirectToHttps } from 'wherehows-web/utils/build-url';
 
 const AppRouter = Router.extend({
   location: config.locationType,
@@ -11,6 +12,12 @@ const AppRouter = Router.extend({
 
   metrics: service(),
 
+  willTransition() {
+    this._super(...arguments);
+
+    redirectToHttps(window.location);
+  },
+
   didTransition() {
     this._super(...arguments);
 

wherehows-web/app/utils/build-url.ts

@@ -39,3 +39,15 @@ export default (baseUrl: string, queryParam: string, queryValue: string): string
 
   return `${baseUrl}${separator}${queryParam}=${queryValue}`;
 };
+
+/**
+ * Sets the href on a location object if the protocol is not https
+ * @param {Location} { protocol, href }
+ */
+export const redirectToHttps = ({ protocol, href, hostname }: Location): void => {
+  const secureProtocol = 'https:';
+
+  if (protocol !== secureProtocol && hostname !== 'localhost') {
+    window.location.replace(`${secureProtocol}${href.substring(protocol.length)}`);
+  }
+};