adds https escape hatch for customAttributes

Datawheel · Jun 24, 2022 · 208e5c2 · 208e5c2
1 parent 1421a77
commit 208e5c2
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/packages/cms/README.md b/packages/cms/README.md
@@ -310,6 +310,7 @@ A Canon site often takes the form of DataCountry.io, and is made of **Profiles**
 | `CANON_CMS_GENERATOR_TIMEOUT`    | The number of ms after which a generator request times out, defaults to 5s. Increase this if you are making heavy requests that exceed 5s                                 | 5000                   |
 | `CANON_CMS_DEEPSEARCH_API`       | Server location of Deepsearch API                                                                                                                                         | `undefined`            |
 | `CANON_CMS_LUNR`                 | Enable Basic LUNR search                                                                                                                                                  | `undefined`            |
+| `CANON_CMS_FORCE_HTTPS`          | Force use of HTTPS for customAttributes                                                                                                                                   | `undefined`            |
 | `CANON_CMS_HTACCESS_USER`        | Authentication user for PDF generation on .htaccess protected pages                                                                                                       | `undefined`            |
 | `CANON_CMS_HTACCESS_PW`          | Authentication password for PDF generation on .htaccess protected pages                                                                                                   | `undefined`            |
 | `CANON_CMS_PDF_DISABLE`          | Disable the PDF generation endpoint                                                                                                                                       | `undefined`            |

diff --git a/packages/cms/src/api/mortarRoute.js b/packages/cms/src/api/mortarRoute.js
@@ -14,11 +14,13 @@ const PromiseThrottle = require("promise-throttle"),
 
 const {
   CANON_CMS_MINIMUM_ROLE,
+  CANON_CMS_FORCE_HTTPS,
   OLAP_PROXY_SECRET
 } = process.env;
 
 const verbose = yn(process.env.CANON_CMS_LOGGING);
 const envLoc = process.env.CANON_LANGUAGE_DEFAULT || "en";
+const forceHTTPS = yn(CANON_CMS_FORCE_HTTPS);
 
 const catcher = e => {
   if (verbose) console.error("Error in mortarRoute: ", e);
@@ -321,7 +323,8 @@ module.exports = function(app) {
       // use it in their allowed section will be hidden in for PDF printing.
       smallAttr.showWhenPrinting = req.query.print !== "true";
       // Fetch Custom Magic Generator
-      const magicURL = `${ req.protocol }://${ req.headers.host }/api/cms/customAttributes/${pid}`;
+      const protocol = forceHTTPS ? "https" : req.protocol;
+      const magicURL = `${ protocol }://${ req.headers.host }/api/cms/customAttributes/${pid}`;
       const magicResp = await axios.post(magicURL, {variables: smallAttr, locale}).catch(() => ({data: {}}));
       if (typeof magicResp.data === "object") {
         smallAttr = {...smallAttr, ...magicResp.data};