auth: only use X- headers instead of wsgi.url_scheme if explicitly told so in url_scheme_header - drop https_fixup setting...
Mads Kiilerich -
r8680:070b8c39 default
@@ -114,6 +114,9 b' cut_off_limit = 256000'
114 ## WSGI environment variable to get the IP address of the client (default REMOTE_ADDR)
114 ## WSGI environment variable to get the IP address of the client (default REMOTE_ADDR)
115 #remote_addr_variable = HTTP_X_FORWARDED_FOR
115 #remote_addr_variable = HTTP_X_FORWARDED_FOR
116
116
117 ## WSGI environment variable to get the protocol (http or https) of the client connection (default wsgi.url_scheme)
118 #url_scheme_variable = HTTP_X_FORWARDED_PROTO
119
117 ## always pretend the client connected using HTTPS (default false)
120 ## always pretend the client connected using HTTPS (default false)
118 #force_https = true
121 #force_https = true
119
122
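Review bot: The new comment above `#url_scheme_variable = HTTP_X_FORWARDED_PROTO` does not say that the named variable is filled from a request header, which a client can send itself unless the reverse proxy overwrites or strips it. I would add a line such as `## only set this when a trusted reverse proxy always overwrites this header` above the option. The same wording applies to the template hunk at `@@ -177,6 +177,9 @@`.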
@@ -432,11 +432,10 b' HTTP header, set::'
432
432
433 Kallithea will by default rely on finding the protocol (``http`` or ``https``)
433 Kallithea will by default rely on finding the protocol (``http`` or ``https``)
434 in the WSGI environment as ``wsgi.url_scheme``. If the proxy server puts
434 in the WSGI environment as ``wsgi.url_scheme``. If the proxy server puts
435 the protocol of the client request in the ``X-Url-Scheme``,
435 the protocol of the client request in the ``X-Forwarded-Proto`` HTTP header,
436 ``X-Forwarded-Scheme``, or ``X-Forwarded-Proto`` HTTP header,
436 Kallithea can be configured to trust that header by setting::
437 Kallithea can be configured to trust these headers by setting::
438
437
439 https_fixup = true
438 url_scheme_variable = HTTP_X_FORWARDED_PROTO
440
439
441
440
442 HTTPS support
441 HTTPS support
@@ -447,9 +446,8 b' Kallithea will by default generate URLs '
447 Alternatively, you can use some special configuration settings to control
446 Alternatively, you can use some special configuration settings to control
448 directly which scheme/protocol Kallithea will use when generating URLs:
447 directly which scheme/protocol Kallithea will use when generating URLs:
449
448
450 - With ``https_fixup = true``, the scheme will be taken from the
449 - With ``url_scheme_variable`` set, the scheme will be taken from that HTTP
451 ``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header
450 header.
452 (default ``http``).
453 - With ``force_https = true``, the scheme will be seen as ``https``.
451 - With ``force_https = true``, the scheme will be seen as ``https``.
454 - With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https.
452 - With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https.
455
453
@@ -35,7 +35,7 b' def wrap_app(app):'
35 app = SimpleGit(app, config)
35 app = SimpleGit(app, config)
36
36
37 # Enable https redirects based on HTTP_X_URL_SCHEME set by proxy
37 # Enable https redirects based on HTTP_X_URL_SCHEME set by proxy
38 if any(asbool(config.get(x)) for x in ['https_fixup', 'force_https', 'use_htsts']):
38 if any(asbool(config.get(x)) for x in ['url_scheme_variable', 'force_https', 'use_htsts']):
39 app = HttpsFixup(app, config)
39 app = HttpsFixup(app, config)
40
40
41 app = PermanentRepoUrl(app, config)
41 app = PermanentRepoUrl(app, config)
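Review bot: In the changed `any(...)` line, `url_scheme_variable` is passed through `asbool()` although its value is a variable name such as `HTTP_X_FORWARDED_PROTO`, not a boolean. `asbool` is not shown here; if it accepts only true/false strings, then with only `url_scheme_variable` set the middleware would either not be installed or fail at startup, and the proxy's scheme would be ignored. Testing the setting for presence avoids depending on that: `if config.get('url_scheme_variable') or any(asbool(config.get(x)) for x in ['force_https', 'use_htsts']):`. The comment above still names `HTTP_X_URL_SCHEME` and could read `# Enable https handling based on url_scheme_variable, force_https or use_htsts`. wrap_app starts and ends outside the hunk.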
@@ -26,6 +26,7 b' Original author and date, and relevant c'
26 """
26 """
27
27
28
28
29 import kallithea
29 from kallithea.lib.utils2 import asbool
30 from kallithea.lib.utils2 import asbool
30
31
31
32
@@ -54,20 +55,17 b' class HttpsFixup(object):'
54 middleware you should set this header inside your
55 middleware you should set this header inside your
55 proxy ie. nginx, apache etc.
56 proxy ie. nginx, apache etc.
56 """
57 """
57 # DETECT PROTOCOL !
58 proto = None
58 if 'HTTP_X_URL_SCHEME' in environ:
59 proto = environ.get('HTTP_X_URL_SCHEME')
60 elif 'HTTP_X_FORWARDED_SCHEME' in environ:
61 proto = environ.get('HTTP_X_FORWARDED_SCHEME')
62 elif 'HTTP_X_FORWARDED_PROTO' in environ:
63 proto = environ.get('HTTP_X_FORWARDED_PROTO')
64 else:
65 proto = 'http'
66 org_proto = proto
67
59
68 # if we have force, just override
60 # if we have force, just override
69 if asbool(self.config.get('force_https')):
61 if asbool(self.config.get('force_https')):
70 proto = 'https'
62 proto = 'https'
63 else:
64 # get protocol from configured WSGI environment variable
65 url_scheme_variable = kallithea.CONFIG.get('url_scheme_variable')
66 if url_scheme_variable:
67 proto = environ.get(url_scheme_variable)
71
68
72 environ['wsgi.url_scheme'] = proto
69 if proto:
73 environ['wsgi._org_proto'] = org_proto
70 environ['wsgi._org_proto'] = environ.get('wsgi.url_scheme')
71 environ['wsgi.url_scheme'] = proto
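Review bot: The value read by `proto = environ.get(url_scheme_variable)` is written to `wsgi.url_scheme` without any check, so mixed case, a comma-separated list from chained proxies, or arbitrary client-supplied text (if the proxy does not overwrite the header) becomes the scheme seen by everything downstream. I would accept only the two expected values: `proto = (environ.get(url_scheme_variable) or '').strip().lower()` followed by `if proto not in ('http', 'https'): proto = None`, which falls back to the server's own `wsgi.url_scheme`. The lookup also uses `kallithea.CONFIG` while `force_https` just above uses `self.config`; `self.config.get('url_scheme_variable')` would keep the class on one config source, and the `import kallithea` added in this commit then appears unnecessary. The method starts and continues outside the hunk.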
@@ -177,6 +177,9 b' cut_off_limit = 256000'
177 <%text>##</%text> WSGI environment variable to get the IP address of the client (default REMOTE_ADDR)
177 <%text>##</%text> WSGI environment variable to get the IP address of the client (default REMOTE_ADDR)
178 #remote_addr_variable = HTTP_X_FORWARDED_FOR
178 #remote_addr_variable = HTTP_X_FORWARDED_FOR
179
179
180 <%text>##</%text> WSGI environment variable to get the protocol (http or https) of the client connection (default wsgi.url_scheme)
181 #url_scheme_variable = HTTP_X_FORWARDED_PROTO
182
180 <%text>##</%text> always pretend the client connected using HTTPS (default false)
183 <%text>##</%text> always pretend the client connected using HTTPS (default false)
181 #force_https = true
184 #force_https = true
182
185