https_fixup.py
66 lines
| 2.3 KiB
| text/x-python
|
PythonLexer
r903 | # -*- coding: utf-8 -*- | |||
""" | ||||
rhodecode.lib.middleware.https_fixup | ||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||||
middleware to handle https correctly | ||||
r1203 | ||||
r903 | :created_on: May 23, 2010 | |||
:author: marcink | ||||
r1824 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> | |||
r903 | :license: GPLv3, see COPYING for more details. | |||
""" | ||||
r1206 | # This program is free software: you can redistribute it and/or modify | |||
# it under the terms of the GNU General Public License as published by | ||||
# the Free Software Foundation, either version 3 of the License, or | ||||
# (at your option) any later version. | ||||
r1203 | # | |||
r547 | # This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||||
# GNU General Public License for more details. | ||||
r1203 | # | |||
r547 | # You should have received a copy of the GNU General Public License | |||
r1206 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
r547 | ||||
r3238 | from pylons.controllers.util import Request | |||
r2109 | from rhodecode.lib.utils2 import str2bool | |||
r914 | ||||
r1275 | ||||
r547 | class HttpsFixup(object): | |||
r1275 | ||||
r914 | def __init__(self, app, config): | |||
r547 | self.application = app | |||
r914 | self.config = config | |||
r903 | ||||
r547 | def __call__(self, environ, start_response): | |||
self.__fixup(environ) | ||||
r3238 | req = Request(environ) | |||
resp = req.get_response(self.application) | ||||
if environ['wsgi.url_scheme'] == 'https': | ||||
resp.headers['Strict-Transport-Security'] = 'max-age=8640000; includeSubDomains' | ||||
return resp(environ, start_response) | ||||
r903 | ||||
r547 | def __fixup(self, environ): | |||
r1275 | """ | |||
Function to fixup the environ as needed. In order to use this | ||||
r1203 | middleware you should set this header inside your | |||
r547 | proxy ie. nginx, apache etc. | |||
""" | ||||
r2668 | # DETECT PROTOCOL ! | |||
if 'HTTP_X_URL_SCHEME' in environ: | ||||
proto = environ.get('HTTP_X_URL_SCHEME') | ||||
elif 'HTTP_X_FORWARDED_SCHEME' in environ: | ||||
proto = environ.get('HTTP_X_FORWARDED_SCHEME') | ||||
elif 'HTTP_X_FORWARDED_PROTO' in environ: | ||||
proto = environ.get('HTTP_X_FORWARDED_PROTO') | ||||
else: | ||||
proto = 'http' | ||||
org_proto = proto | ||||
r903 | ||||
r2668 | # if we have force, just override | |||
r914 | if str2bool(self.config.get('force_https')): | |||
proto = 'https' | ||||
r2054 | ||||
r2668 | environ['wsgi.url_scheme'] = proto | |||
environ['wsgi._org_proto'] = org_proto | ||||