##// END OF EJS Templates
Added tag v4.13.3 for changeset 7dc62c090881
r3047:59b28fe5 stable
Show More
https_fixup.py
70 lines | 2.5 KiB | text/x-python | PythonLexer
project: added all source files and assets
r1 # -*- coding: utf-8 -*-
release: update copyright year to 2018
r2487 # Copyright (C) 2010-2018 RhodeCode GmbH
project: added all source files and assets
r1 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
"""
middleware to handle https correctly
"""
from rhodecode.lib.utils2 import str2bool
class HttpsFixup(object):
def __init__(self, app, config):
self.application = app
self.config = config
def __call__(self, environ, start_response):
self.__fixup(environ)
debug = str2bool(self.config.get('debug'))
is_ssl = environ['wsgi.url_scheme'] == 'https'
def custom_start_response(status, headers, exc_info=None):
if is_ssl and str2bool(self.config.get('use_htsts')) and not debug:
headers.append(('Strict-Transport-Security',
'max-age=8640000; includeSubDomains'))
return start_response(status, headers, exc_info)
return self.application(environ, custom_start_response)
def __fixup(self, environ):
"""
Function to fixup the environ as needed. In order to use this
middleware you should set this header inside your
proxy ie. nginx, apache etc.
"""
# DETECT PROTOCOL !
if 'HTTP_X_URL_SCHEME' in environ:
proto = environ.get('HTTP_X_URL_SCHEME')
elif 'HTTP_X_FORWARDED_SCHEME' in environ:
proto = environ.get('HTTP_X_FORWARDED_SCHEME')
elif 'HTTP_X_FORWARDED_PROTO' in environ:
proto = environ.get('HTTP_X_FORWARDED_PROTO')
else:
proto = 'http'
org_proto = proto
# if we have force, just override
if str2bool(self.config.get('force_https')):
proto = 'https'
environ['wsgi.url_scheme'] = proto
environ['wsgi._org_proto'] = org_proto