Show More
@@ -114,6 +114,9 b' cut_off_limit = 256000' | |||
|
114 | 114 | ## WSGI environment variable to get the IP address of the client (default REMOTE_ADDR) |
|
115 | 115 | #remote_addr_variable = HTTP_X_FORWARDED_FOR |
|
116 | 116 | |
|
117 | ## WSGI environment variable to get the protocol (http or https) of the client connection (default wsgi.url_scheme) | |
|
118 | #url_scheme_variable = HTTP_X_FORWARDED_PROTO | |
|
119 | ||
|
117 | 120 | ## always pretend the client connected using HTTPS (default false) |
|
118 | 121 | #force_https = true |
|
119 | 122 |
@@ -432,11 +432,10 b' HTTP header, set::' | |||
|
432 | 432 | |
|
433 | 433 | Kallithea will by default rely on finding the protocol (``http`` or ``https``) |
|
434 | 434 | in the WSGI environment as ``wsgi.url_scheme``. If the proxy server puts |
|
435 |
the protocol of the client request in the ``X- |
|
|
436 | ``X-Forwarded-Scheme``, or ``X-Forwarded-Proto`` HTTP header, | |
|
437 | Kallithea can be configured to trust these headers by setting:: | |
|
435 | the protocol of the client request in the ``X-Forwarded-Proto`` HTTP header, | |
|
436 | Kallithea can be configured to trust that header by setting:: | |
|
438 | 437 | |
|
439 | https_fixup = true | |
|
438 | url_scheme_variable = HTTP_X_FORWARDED_PROTO | |
|
440 | 439 | |
|
441 | 440 | |
|
442 | 441 | HTTPS support |
@@ -447,9 +446,8 b' Kallithea will by default generate URLs ' | |||
|
447 | 446 | Alternatively, you can use some special configuration settings to control |
|
448 | 447 | directly which scheme/protocol Kallithea will use when generating URLs: |
|
449 | 448 | |
|
450 |
- With `` |
|
|
451 | ``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header | |
|
452 | (default ``http``). | |
|
449 | - With ``url_scheme_variable`` set, the scheme will be taken from that HTTP | |
|
450 | header. | |
|
453 | 451 | - With ``force_https = true``, the scheme will be seen as ``https``. |
|
454 | 452 | - With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https. |
|
455 | 453 |
@@ -35,7 +35,7 b' def wrap_app(app):' | |||
|
35 | 35 | app = SimpleGit(app, config) |
|
36 | 36 | |
|
37 | 37 | # Enable https redirects based on HTTP_X_URL_SCHEME set by proxy |
|
38 |
if any(asbool(config.get(x)) for x in [' |
|
|
38 | if any(asbool(config.get(x)) for x in ['url_scheme_variable', 'force_https', 'use_htsts']): | |
|
39 | 39 | app = HttpsFixup(app, config) |
|
40 | 40 | |
|
41 | 41 | app = PermanentRepoUrl(app, config) |
@@ -26,6 +26,7 b' Original author and date, and relevant c' | |||
|
26 | 26 | """ |
|
27 | 27 | |
|
28 | 28 | |
|
29 | import kallithea | |
|
29 | 30 | from kallithea.lib.utils2 import asbool |
|
30 | 31 | |
|
31 | 32 | |
@@ -54,20 +55,17 b' class HttpsFixup(object):' | |||
|
54 | 55 | middleware you should set this header inside your |
|
55 | 56 | proxy ie. nginx, apache etc. |
|
56 | 57 | """ |
|
57 | # DETECT PROTOCOL ! | |
|
58 | if 'HTTP_X_URL_SCHEME' in environ: | |
|
59 | proto = environ.get('HTTP_X_URL_SCHEME') | |
|
60 | elif 'HTTP_X_FORWARDED_SCHEME' in environ: | |
|
61 | proto = environ.get('HTTP_X_FORWARDED_SCHEME') | |
|
62 | elif 'HTTP_X_FORWARDED_PROTO' in environ: | |
|
63 | proto = environ.get('HTTP_X_FORWARDED_PROTO') | |
|
64 | else: | |
|
65 | proto = 'http' | |
|
66 | org_proto = proto | |
|
58 | proto = None | |
|
67 | 59 | |
|
68 | 60 | # if we have force, just override |
|
69 | 61 | if asbool(self.config.get('force_https')): |
|
70 | 62 | proto = 'https' |
|
63 | else: | |
|
64 | # get protocol from configured WSGI environment variable | |
|
65 | url_scheme_variable = kallithea.CONFIG.get('url_scheme_variable') | |
|
66 | if url_scheme_variable: | |
|
67 | proto = environ.get(url_scheme_variable) | |
|
71 | 68 | |
|
72 | environ['wsgi.url_scheme'] = proto | |
|
73 |
environ['wsgi._org_proto'] = |
|
|
69 | if proto: | |
|
70 | environ['wsgi._org_proto'] = environ.get('wsgi.url_scheme') | |
|
71 | environ['wsgi.url_scheme'] = proto |
@@ -177,6 +177,9 b' cut_off_limit = 256000' | |||
|
177 | 177 | <%text>##</%text> WSGI environment variable to get the IP address of the client (default REMOTE_ADDR) |
|
178 | 178 | #remote_addr_variable = HTTP_X_FORWARDED_FOR |
|
179 | 179 | |
|
180 | <%text>##</%text> WSGI environment variable to get the protocol (http or https) of the client connection (default wsgi.url_scheme) | |
|
181 | #url_scheme_variable = HTTP_X_FORWARDED_PROTO | |
|
182 | ||
|
180 | 183 | <%text>##</%text> always pretend the client connected using HTTPS (default false) |
|
181 | 184 | #force_https = true |
|
182 | 185 |
General Comments 0
You need to be logged in to leave comments.
Login now