Show More
| @@ -1,71 +1,70 b'' | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 | # This program is free software: you can redistribute it and/or modify |
|
2 | # This program is free software: you can redistribute it and/or modify | |
| 3 | # it under the terms of the GNU General Public License as published by |
|
3 | # it under the terms of the GNU General Public License as published by | |
| 4 | # the Free Software Foundation, either version 3 of the License, or |
|
4 | # the Free Software Foundation, either version 3 of the License, or | |
| 5 | # (at your option) any later version. |
|
5 | # (at your option) any later version. | |
| 6 | # |
|
6 | # | |
| 7 | # This program is distributed in the hope that it will be useful, |
|
7 | # This program is distributed in the hope that it will be useful, | |
| 8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 10 | # GNU General Public License for more details. |
|
10 | # GNU General Public License for more details. | |
| 11 | # |
|
11 | # | |
| 12 | # You should have received a copy of the GNU General Public License |
|
12 | # You should have received a copy of the GNU General Public License | |
| 13 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
13 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 14 | """ |
|
14 | """ | |
| 15 | kallithea.config.middleware.https_fixup |
|
15 | kallithea.config.middleware.https_fixup | |
| 16 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
16 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
| 17 |
|
17 | |||
| 18 | middleware to handle https correctly |
|
18 | middleware to handle https correctly | |
| 19 |
|
19 | |||
| 20 | This file was forked by the Kallithea project in July 2014. |
|
20 | This file was forked by the Kallithea project in July 2014. | |
| 21 | Original author and date, and relevant copyright and licensing information is below: |
|
21 | Original author and date, and relevant copyright and licensing information is below: | |
| 22 | :created_on: May 23, 2010 |
|
22 | :created_on: May 23, 2010 | |
| 23 | :author: marcink |
|
23 | :author: marcink | |
| 24 | :copyright: (c) 2013 RhodeCode GmbH, and others. |
|
24 | :copyright: (c) 2013 RhodeCode GmbH, and others. | |
| 25 | :license: GPLv3, see LICENSE.md for more details. |
|
25 | :license: GPLv3, see LICENSE.md for more details. | |
| 26 | """ |
|
26 | """ | |
| 27 |
|
27 | |||
| 28 |
|
28 | |||
| 29 | import kallithea |
|
|||
| 30 | from kallithea.lib.utils2 import asbool |
|
29 | from kallithea.lib.utils2 import asbool | |
| 31 |
|
30 | |||
| 32 |
|
31 | |||
| 33 | class HttpsFixup(object): |
|
32 | class HttpsFixup(object): | |
| 34 |
|
33 | |||
| 35 | def __init__(self, app, config): |
|
34 | def __init__(self, app, config): | |
| 36 | self.application = app |
|
35 | self.application = app | |
| 37 | self.config = config |
|
36 | self.config = config | |
| 38 |
|
37 | |||
| 39 | def __call__(self, environ, start_response): |
|
38 | def __call__(self, environ, start_response): | |
| 40 | self.__fixup(environ) |
|
39 | self.__fixup(environ) | |
| 41 | debug = asbool(self.config.get('debug')) |
|
40 | debug = asbool(self.config.get('debug')) | |
| 42 | is_ssl = environ['wsgi.url_scheme'] == 'https' |
|
41 | is_ssl = environ['wsgi.url_scheme'] == 'https' | |
| 43 |
|
42 | |||
| 44 | def custom_start_response(status, headers, exc_info=None): |
|
43 | def custom_start_response(status, headers, exc_info=None): | |
| 45 | if is_ssl and asbool(self.config.get('use_htsts')) and not debug: |
|
44 | if is_ssl and asbool(self.config.get('use_htsts')) and not debug: | |
| 46 | headers.append(('Strict-Transport-Security', |
|
45 | headers.append(('Strict-Transport-Security', | |
| 47 | 'max-age=8640000; includeSubDomains')) |
|
46 | 'max-age=8640000; includeSubDomains')) | |
| 48 | return start_response(status, headers, exc_info) |
|
47 | return start_response(status, headers, exc_info) | |
| 49 |
|
48 | |||
| 50 | return self.application(environ, custom_start_response) |
|
49 | return self.application(environ, custom_start_response) | |
| 51 |
|
50 | |||
| 52 | def __fixup(self, environ): |
|
51 | def __fixup(self, environ): | |
| 53 | """ |
|
52 | """ | |
| 54 | Function to fixup the environ as needed. In order to use this |
|
53 | Function to fixup the environ as needed. In order to use this | |
| 55 | middleware you should set this header inside your |
|
54 | middleware you should set this header inside your | |
| 56 | proxy ie. nginx, apache etc. |
|
55 | proxy ie. nginx, apache etc. | |
| 57 | """ |
|
56 | """ | |
| 58 | proto = None |
|
57 | proto = None | |
| 59 |
|
58 | |||
| 60 | # if we have force, just override |
|
59 | # if we have force, just override | |
| 61 | if asbool(self.config.get('force_https')): |
|
60 | if asbool(self.config.get('force_https')): | |
| 62 | proto = 'https' |
|
61 | proto = 'https' | |
| 63 | else: |
|
62 | else: | |
| 64 | # get protocol from configured WSGI environment variable |
|
63 | # get protocol from configured WSGI environment variable | |
| 65 |
url_scheme_variable = |
|
64 | url_scheme_variable = self.config.get('url_scheme_variable') | |
| 66 | if url_scheme_variable: |
|
65 | if url_scheme_variable: | |
| 67 | proto = environ.get(url_scheme_variable) |
|
66 | proto = environ.get(url_scheme_variable) | |
| 68 |
|
67 | |||
| 69 | if proto: |
|
68 | if proto: | |
| 70 | environ['wsgi._org_proto'] = environ.get('wsgi.url_scheme') |
|
69 | environ['wsgi._org_proto'] = environ.get('wsgi.url_scheme') | |
| 71 | environ['wsgi.url_scheme'] = proto |
|
70 | environ['wsgi.url_scheme'] = proto | |
General Comments 0
You need to be logged in to leave comments.
Login now