Merge pull request #1118 from theseyi/secure-redirect

redirects to https from unsecure locations on app transition

wherehows-web/app/router.js

@@ -2,7 +2,8 @@ import Router from '@ember/routing/router';
 import { get, getWithDefault } from '@ember/object';
 import { inject as service } from '@ember/service';
 import { scheduleOnce } from '@ember/runloop';
-import config from './config/environment';
+import config from 'wherehows-web/config/environment';
+import { redirectToHttps } from 'wherehows-web/utils/build-url';
 
 const AppRouter = Router.extend({
   location: config.locationType,
@@ -11,6 +12,15 @@ const AppRouter = Router.extend({
 
   metrics: service(),
 
+  willTransition() {
+    const { APP: { useSecureRedirect } } = config;
+    this._super(...arguments);
+
+    if (useSecureRedirect) {
+      redirectToHttps(window.location);
+    }
+  },
+
   didTransition() {
     this._super(...arguments);
 

wherehows-web/app/utils/build-url.ts

@@ -39,3 +39,15 @@ export default (baseUrl: string, queryParam: string, queryValue: string): string
 
   return `${baseUrl}${separator}${queryParam}=${queryValue}`;
 };
+
+/**
+ * Sets the href on a location object if the protocol is not https
+ * @param {Location} { protocol, href }
+ */
+export const redirectToHttps = ({ protocol, href, hostname }: Location): void => {
+  const secureProtocol = 'https:';
+
+  if (protocol !== secureProtocol && hostname !== 'localhost') {
+    window.location.replace(`${secureProtocol}${href.substring(protocol.length)}`);
+  }
+};

wherehows-web/config/environment.js

@@ -18,8 +18,7 @@ module.exports = function(environment) {
     },
 
     APP: {
-      // Here you can pass flags/options to your application instance
+      useSecureRedirect: true
-      // when it is created
     },
 
     eyeglass: {