@@ -1,71 +1,70 | |||||
1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
2 | """ |
|
2 | """ | |
3 | rhodecode.lib.middleware.https_fixup |
|
3 | rhodecode.lib.middleware.https_fixup | |
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
5 |
|
5 | |||
6 | middleware to handle https correctly |
|
6 | middleware to handle https correctly | |
7 |
|
7 | |||
8 | :created_on: May 23, 2010 |
|
8 | :created_on: May 23, 2010 | |
9 | :author: marcink |
|
9 | :author: marcink | |
10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
|
10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> | |
11 | :license: GPLv3, see COPYING for more details. |
|
11 | :license: GPLv3, see COPYING for more details. | |
12 | """ |
|
12 | """ | |
13 | # This program is free software: you can redistribute it and/or modify |
|
13 | # This program is free software: you can redistribute it and/or modify | |
14 | # it under the terms of the GNU General Public License as published by |
|
14 | # it under the terms of the GNU General Public License as published by | |
15 | # the Free Software Foundation, either version 3 of the License, or |
|
15 | # the Free Software Foundation, either version 3 of the License, or | |
16 | # (at your option) any later version. |
|
16 | # (at your option) any later version. | |
17 | # |
|
17 | # | |
18 | # This program is distributed in the hope that it will be useful, |
|
18 | # This program is distributed in the hope that it will be useful, | |
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | # GNU General Public License for more details. |
|
21 | # GNU General Public License for more details. | |
22 | # |
|
22 | # | |
23 | # You should have received a copy of the GNU General Public License |
|
23 | # You should have received a copy of the GNU General Public License | |
24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
25 |
|
25 | |||
26 | from pylons.controllers.util import Request |
|
|||
27 | from rhodecode.lib.utils2 import str2bool |
|
26 | from rhodecode.lib.utils2 import str2bool | |
28 |
|
27 | |||
29 |
|
28 | |||
30 | class HttpsFixup(object): |
|
29 | class HttpsFixup(object): | |
31 |
|
30 | |||
32 | def __init__(self, app, config): |
|
31 | def __init__(self, app, config): | |
33 | self.application = app |
|
32 | self.application = app | |
34 | self.config = config |
|
33 | self.config = config | |
35 |
|
34 | |||
36 | def __call__(self, environ, start_response): |
|
35 | def __call__(self, environ, start_response): | |
37 | self.__fixup(environ) |
|
36 | self.__fixup(environ) | |
38 | debug = str2bool(self.config.get('debug')) |
|
37 | debug = str2bool(self.config.get('debug')) | |
39 | if str2bool(self.config.get('use_htsts')) and not debug: |
|
38 | is_ssl = environ['wsgi.url_scheme'] == 'https' | |
40 | req = Request(environ, self.application) |
|
|||
41 | resp = req.get_response(self.application) |
|
|||
42 | if environ['wsgi.url_scheme'] == 'https': |
|
|||
43 | resp.headers['Strict-Transport-Security'] = \ |
|
|||
44 | 'max-age=8640000; includeSubDomains' |
|
|||
45 | return resp(environ, start_response) |
|
|||
46 |
|
39 | |||
47 | return self.application(environ, start_response) |
|
40 | def custom_start_response(status, headers, exc_info=None): | |
|
41 | if is_ssl and str2bool(self.config.get('use_htsts')) and not debug: | |||
|
42 | headers.append(('Strict-Transport-Security', | |||
|
43 | 'max-age=8640000; includeSubDomains')) | |||
|
44 | return start_response(status, headers, exc_info) | |||
|
45 | ||||
|
46 | return self.application(environ, custom_start_response) | |||
48 |
|
47 | |||
49 | def __fixup(self, environ): |
|
48 | def __fixup(self, environ): | |
50 | """ |
|
49 | """ | |
51 | Function to fixup the environ as needed. In order to use this |
|
50 | Function to fixup the environ as needed. In order to use this | |
52 | middleware you should set this header inside your |
|
51 | middleware you should set this header inside your | |
53 | proxy ie. nginx, apache etc. |
|
52 | proxy ie. nginx, apache etc. | |
54 | """ |
|
53 | """ | |
55 | # DETECT PROTOCOL ! |
|
54 | # DETECT PROTOCOL ! | |
56 | if 'HTTP_X_URL_SCHEME' in environ: |
|
55 | if 'HTTP_X_URL_SCHEME' in environ: | |
57 | proto = environ.get('HTTP_X_URL_SCHEME') |
|
56 | proto = environ.get('HTTP_X_URL_SCHEME') | |
58 | elif 'HTTP_X_FORWARDED_SCHEME' in environ: |
|
57 | elif 'HTTP_X_FORWARDED_SCHEME' in environ: | |
59 | proto = environ.get('HTTP_X_FORWARDED_SCHEME') |
|
58 | proto = environ.get('HTTP_X_FORWARDED_SCHEME') | |
60 | elif 'HTTP_X_FORWARDED_PROTO' in environ: |
|
59 | elif 'HTTP_X_FORWARDED_PROTO' in environ: | |
61 | proto = environ.get('HTTP_X_FORWARDED_PROTO') |
|
60 | proto = environ.get('HTTP_X_FORWARDED_PROTO') | |
62 | else: |
|
61 | else: | |
63 | proto = 'http' |
|
62 | proto = 'http' | |
64 | org_proto = proto |
|
63 | org_proto = proto | |
65 |
|
64 | |||
66 | # if we have force, just override |
|
65 | # if we have force, just override | |
67 | if str2bool(self.config.get('force_https')): |
|
66 | if str2bool(self.config.get('force_https')): | |
68 | proto = 'https' |
|
67 | proto = 'https' | |
69 |
|
68 | |||
70 | environ['wsgi.url_scheme'] = proto |
|
69 | environ['wsgi.url_scheme'] = proto | |
71 | environ['wsgi._org_proto'] = org_proto |
|
70 | environ['wsgi._org_proto'] = org_proto |
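Review bot: In `custom_start_response` the HSTS header is added with `headers.append(...)`, whereas the removed code assigned `resp.headers['Strict-Transport-Security']`, which presumably replaced any existing value; a response that already carries that header from the wrapped application would now go out with two copies. RFC 6797 has the browser process only the first one, so the application's value would win over the policy set here; dropping any existing entry before the append, e.g. `headers[:] = [h for h in headers if h[0].lower() != 'strict-transport-security']`, keeps the old replace semantics. `is_ssl` is read from `wsgi.url_scheme`, which `__fixup` fills from the `X-Url-Scheme` / `X-Forwarded-*` request headers, so the decision is only as reliable as the proxy that overwrites those headers, and a one-line comment such as `# scheme comes from proxy-set headers; the proxy must overwrite client-supplied values` would make that dependency visible. The two `str2bool(self.config.get(...))` lookups inside the closure could be evaluated once next to `debug` instead of on every response.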