Respect HTTP_PROTOCOL config when forcing https

2026-05-29 10:30:20 -04:00 · 2023-03-08 09:57:21 -05:00
parent bb77086342
commit 703847e184
4 changed files with 8 additions and 2 deletions
--- a/.pa11yci
+++ b/.pa11yci
@@ -2,6 +2,7 @@
  "defaults": {
    "standard": "WCAG2AA",
    "runners": ["axe"],
+    "concurrency": 1,
    "hideElements": [
      "nav > ol a",
      "#sms-pricing-details",
--- a/4
+++ b/4
@@ -27,6 +27,10 @@ watch-frontend:  ## Build frontend and watch for changes
 run-flask:  ## Run flask
 	pipenv run newrelic-admin run-program flask run -p 6012 --host=0.0.0.0

+.PHONY: run-flask-bare
+run-flask-bare:  ## Run flask without invoking pipenv so we can override ENV variables in .env
+	flask run -p 6012 --host=0.0.0.0
+
 .PHONY: npm-audit
 npm-audit:  ## Check for vulnerabilities in NPM packages
 	source $(NVMSH) && npm run audit
--- a/app/init.py
+++ b/app/init.py
@@ -247,7 +247,8 @@ def create_app(application):
        application,
        content_security_policy=_csp(application.config),
        content_security_policy_nonce_in=['style-src', 'script-src'],
-        frame_options='deny'
+        frame_options='deny',
+        force_https=(application.config['HTTP_PROTOCOL'] == 'https')
    )
    logging.init_app(application)
    webauthn_server.init_app(application)
--- a/app/config.py
+++ b/app/config.py
@@ -154,7 +154,7 @@ class Sandbox(Staging):
 class Scanning(Production):
    BASIC_AUTH_FORCE = False
    HTTP_PROTOCOL = 'http'
-    API_HOST_NAME = 'https://notify-api-demo.app.cloud.gov/'
+    API_HOST_NAME = 'https://notify-api-staging.app.cloud.gov/'
    SECRET_KEY = 'dev-notify-secret-key'  # nosec B105 - only used in development
    ADMIN_CLIENT_USER_NAME = 'notify-admin'
    ADMIN_CLIENT_SECRET = 'dev-notify-secret-key'  # nosec B105 - only used in development