adobe · dominique-pfister · May 3, 2024 · May 2, 2024 · May 2, 2024 · May 2, 2024
diff --git a/src/abstract-server.cmd.js b/src/abstract-server.cmd.js
@@ -84,7 +84,7 @@ export class AbstractServerCommand extends AbstractCommand {
     this.emit('stopped', this);
   }
 
-  async initSeverOptions() {
+  async initServerOptions() {
     if (this._cache) {
       await fse.ensureDir(this._cache);
       this._project.withCacheDirectory(this._cache);

diff --git a/src/fetch-utils.js b/src/fetch-utils.js
@@ -45,11 +45,11 @@ const httpProxyHandler = {
 };
 
 // create global context that is used by all commands and can be reset for CLI to terminate
-export function getFetch(allowUnauthorized) {
-  const cacheName = allowUnauthorized ? 'insecure' : 'default';
+export function getFetch(allowInsecure) {
+  const cacheName = allowInsecure ? 'insecure' : 'default';
   let cache = CONTEXT_CACHE[cacheName];
   if (!cache) {
-    const context = keepAlive({ rejectUnauthorized: !allowUnauthorized });
+    const context = keepAlive({ rejectUnauthorized: !allowInsecure });
     cache = {
       context,
       fetch: new Proxy(context.fetch, httpProxyHandler),

diff --git a/src/import.cmd.js b/src/import.cmd.js
@@ -22,6 +22,12 @@ export default class ImportCommand extends AbstractServerCommand {
   constructor(logger) {
     super(logger);
     this._importerSubPath = 'tools/importer';
+    this._allowInsecure = true;
+  }
+
+  withAllowInsecure(value) {
+    this._allowInsecure = value;
+    return this;
   }
 
   withSkipUI(value) {
@@ -79,7 +85,8 @@ export default class ImportCommand extends AbstractServerCommand {
     this._project = new HelixImportProject()
       .withCwd(this.directory)
       .withLogger(this._logger)
-      .withKill(this._kill);
+      .withKill(this._kill)
+      .withAllowInsecure(this._allowInsecure);
     this.log.info(chalk`{yellow     ___    ________  ___                                __}`);
     this.log.info(chalk`{yellow    /   |  / ____/  |/  /  (_)___ ___  ____  ____  _____/ /____  _____}`);
     this.log.info(chalk`{yellow   / /| | / __/ / /|_/ /  / / __ \`__ \\/ __ \\/ __ \\/ ___/ __/ _ \\/ ___/}`);
@@ -88,7 +95,7 @@ export default class ImportCommand extends AbstractServerCommand {
     this.log.info(chalk`{yellow                                   /_/ v${pkgJson.version}}`);
     this.log.info('');
 
-    await this.initSeverOptions();
+    await this.initServerOptions();
 
     if (!this._skipUI) {
       await this.setupImporterUI();

diff --git a/src/import.js b/src/import.js
@@ -80,6 +80,12 @@ export default function up() {
           type: 'string',
         })
         .group(['open', 'no-open', 'cache', 'ui-repo', 'skip-ui'], 'AEM Importer Options')
+        .option('allow-insecure', {
+          alias: 'allowInsecure',
+          describe: 'Whether to allow insecure requests to the server',
+          type: 'boolean',
+          default: true,
+        })
 
         .help();
     },
@@ -100,6 +106,7 @@ export default function up() {
         // this prevents the window to be opened during integration tests
         .withOpen(path.basename(argv.$0) === 'aem' ? argv.open : false)
         .withTLS(argv.tlsKey, argv.tlsCert)
+        .withAllowInsecure(argv.allowInsecure)
         .withKill(argv.stopOther)
         .withCache(argv.cache)
         .withSkipUI(argv.skipUI)

diff --git a/src/server/BaseServer.js b/src/server/BaseServer.js
@@ -116,7 +116,7 @@ export class BaseServer extends EventEmitter {
       let retries = 1;
       if (this._project.kill && await utils.checkPortInUse(this._port, this._addr)) {
         try {
-          const res = await getFetch()(`${this._scheme}://${this._addr}:${this._port}/.kill`);
+          const res = await getFetch(true)(`${this._scheme}://${this._addr}:${this._port}/.kill`);
           await res.text();
         } catch (e) {
           // ignore errors, in case the other server closes connection

diff --git a/src/server/HeadHtmlSupport.js b/src/server/HeadHtmlSupport.js
@@ -75,7 +75,9 @@ export default class HeadHtmlSupport {
       .parse(html);
   }
 
-  constructor({ proxyUrl, directory, log }) {
+  constructor({
+    proxyUrl, directory, allowInsecure, log,
+  }) {
     this.remoteHtml = '';
     this.remoteDom = null;
     this.remoteStatus = 0;
@@ -85,6 +87,7 @@ export default class HeadHtmlSupport {
     this.url = new URL(proxyUrl);
     this.url.pathname = '/head.html';
     this.filePath = resolve(directory, 'head.html');
+    this.allowInsecure = allowInsecure;
     this.log = log;
   }
 
@@ -94,7 +97,7 @@ export default class HeadHtmlSupport {
     if (this.cookie) {
       headers.cookie = this.cookie;
     }
-    const resp = await getFetch()(this.url, {
+    const resp = await getFetch(this.allowInsecure)(this.url, {
       cache: 'no-store',
       headers,
     });

diff --git a/src/server/HelixImportProject.js b/src/server/HelixImportProject.js
@@ -15,6 +15,17 @@ import { BaseProject } from './BaseProject.js';
 export class HelixImportProject extends BaseProject {
   constructor() {
     super(HelixImportServer);
+
+    this._allowInsecure = true;
+  }
+
+  withAllowInsecure(value) {
+    this._allowInsecure = value;
+    return this;
+  }
+
+  get allowInsecure() {
+    return this._allowInsecure;
   }
 
   async start() {

diff --git a/src/server/HelixImportServer.js b/src/server/HelixImportServer.js
@@ -101,7 +101,7 @@ export class HelixImportServer extends BaseServer {
     delete headers.host;
     delete headers.referer;
 
-    const ret = await getFetch(true)(url, {
+    const ret = await getFetch(ctx.config.allowInsecure)(url, {
       method: req.method,
       headers,
       cache: 'no-store',

diff --git a/src/server/HelixProject.js b/src/server/HelixProject.js
@@ -23,6 +23,7 @@ export class HelixProject extends BaseProject {
     this._headHtml = null;
     this._indexer = null;
     this._printIndex = false;
+    this._allowInsecure = false;
     this._file404html = null;
   }
 
@@ -41,10 +42,19 @@ export class HelixProject extends BaseProject {
     return this;
   }
 
+  withAllowInsecure(value) {
+    this._allowInsecure = value;
+    return this;
+  }
+
   get proxyUrl() {
     return this._proxyUrl;
   }
 
+  get allowInsecure() {
+    return this._allowInsecure;
+  }
+
   get indexer() {
     return this._indexer;
   }
@@ -77,6 +87,7 @@ export class HelixProject extends BaseProject {
         directory: this.directory,
         log: this.log,
         proxyUrl: this.proxyUrl,
+        allowInsecure: this.allowInsecure,
       });
 
       // register local head in live-reload

diff --git a/src/server/utils.js b/src/server/utils.js
@@ -58,7 +58,7 @@ const utils = {
     if (auth) {
       headers.authorization = `Bearer ${auth}`;
     }
-    const res = await getFetch()(uri, {
+    const res = await getFetch(ctx.config.allowInsecure)(uri, {
       cache: 'no-store',
       headers,
     });
@@ -258,7 +258,7 @@ window.LiveReloadOptions = {
     delete headers.connection;
     delete headers['proxy-connection'];
     delete headers.host;
-    const ret = await getFetch()(url, {
+    const ret = await getFetch(ctx.config.allowInsecure)(url, {
       method: req.method,
       headers,
       cache: 'no-store',

diff --git a/src/up.cmd.js b/src/up.cmd.js
@@ -35,6 +35,11 @@ export default class UpCommand extends AbstractServerCommand {
     return this;
   }
 
+  withAllowInsecure(value) {
+    this._allowInsecure = value;
+    return this;
+  }
+
   async doStop() {
     await super.doStop();
     if (this._watcher) {
@@ -65,7 +70,8 @@ export default class UpCommand extends AbstractServerCommand {
       .withLiveReload(this._liveReload)
       .withLogger(this._logger)
       .withKill(this._kill)
-      .withPrintIndex(this._printIndex);
+      .withPrintIndex(this._printIndex)
+      .withAllowInsecure(this._allowInsecure);
     this.log.info(chalk`{yellow     ___    ________  ___                          __      __ v${pkgJson.version}}`);
     this.log.info(chalk`{yellow    /   |  / ____/  |/  /  _____(_)___ ___  __  __/ /___ _/ /_____  _____}`);
     this.log.info(chalk`{yellow   / /| | / __/ / /|_/ /  / ___/ / __ \`__ \\/ / / / / __ \`/ __/ __ \\/ ___/}`);
@@ -79,7 +85,7 @@ export default class UpCommand extends AbstractServerCommand {
       await this.verifyUrl(this._gitUrl, ref);
     }
     this._project.withProxyUrl(this._url);
-    await this.initSeverOptions();
+    await this.initServerOptions();
 
     try {
       await this._project.init();
@@ -111,7 +117,7 @@ export default class UpCommand extends AbstractServerCommand {
     //             "testProperty": "header";
     // }
     const configUrl = `https://admin.hlx.page/sidekick/${gitUrl.owner}/${gitUrl.repo}/main/config.json`;
-    const configResp = await getFetch()(configUrl);
+    const configResp = await getFetch(this._allowInsecure)(configUrl);
     let previewHostBase = 'hlx.page';
     if (configResp.ok) {
       // this is best effort for now

diff --git a/src/up.js b/src/up.js
@@ -92,6 +92,12 @@ export default function up() {
           type: 'string',
         })
         .group(['url', 'livereload', 'no-livereload', 'open', 'no-open', 'print-index', 'cache'], 'AEM Options')
+        .option('allow-insecure', {
+          alias: 'allowInsecure',
+          describe: 'Whether to allow insecure requests to the server',
+          type: 'boolean',
+          default: false,
+        })
 
         .help();
     },
@@ -112,6 +118,7 @@ export default function up() {
         .withLiveReload(argv.livereload)
         .withUrl(argv.url)
         .withPrintIndex(argv.printIndex)
+        .withAllowInsecure(argv.allowInsecure)
         .withKill(argv.stopOther)
         .withCache(argv.alphaCache)
         .run();

diff --git a/test/import-cli.test.js b/test/import-cli.test.js
@@ -43,6 +43,7 @@ describe('hlx import', () => {
     mockImport.withCache.returnsThis();
     mockImport.withSkipUI.returnsThis();
     mockImport.withUIRepo.returnsThis();
+    mockImport.withAllowInsecure.returnsThis();
     mockImport.run.returnsThis();
     cli = (await new CLI().initCommands()).withCommandExecutor('import', mockImport);
   });

diff --git a/test/up-cli.test.js b/test/up-cli.test.js
@@ -42,6 +42,7 @@ describe('hlx up', () => {
     mockUp.withBindAddr.returnsThis();
     mockUp.withUrl.returnsThis();
     mockUp.withPrintIndex.returnsThis();
+    mockUp.withAllowInsecure.returnsThis();
     mockUp.withKill.returnsThis();
     mockUp.withCache.returnsThis();
     mockUp.run.returnsThis();
@@ -121,6 +122,12 @@ describe('hlx up', () => {
     sinon.assert.calledOnce(mockUp.run);
   });
 
+  it('hlx up can enable allow insecure', async () => {
+    await cli.run(['up', '--allow-insecure']);
+    sinon.assert.calledWith(mockUp.withAllowInsecure, true);
+    sinon.assert.calledOnce(mockUp.run);
+  });
+
   it('hlx up can enable cache', async () => {
     await cli.run(['up', '--alpha-cache', '.cache/']);
     sinon.assert.calledWith(mockUp.withCache, '.cache/');