@@ -1,71 +1,70 | |||
|
1 | 1 | # -*- coding: utf-8 -*- |
|
2 | 2 | """ |
|
3 | 3 | rhodecode.lib.middleware.https_fixup |
|
4 | 4 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
5 | 5 | |
|
6 | 6 | middleware to handle https correctly |
|
7 | 7 | |
|
8 | 8 | :created_on: May 23, 2010 |
|
9 | 9 | :author: marcink |
|
10 | 10 | :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
|
11 | 11 | :license: GPLv3, see COPYING for more details. |
|
12 | 12 | """ |
|
13 | 13 | # This program is free software: you can redistribute it and/or modify |
|
14 | 14 | # it under the terms of the GNU General Public License as published by |
|
15 | 15 | # the Free Software Foundation, either version 3 of the License, or |
|
16 | 16 | # (at your option) any later version. |
|
17 | 17 | # |
|
18 | 18 | # This program is distributed in the hope that it will be useful, |
|
19 | 19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
20 | 20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
21 | 21 | # GNU General Public License for more details. |
|
22 | 22 | # |
|
23 | 23 | # You should have received a copy of the GNU General Public License |
|
24 | 24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
25 | 25 | |
|
26 | from pylons.controllers.util import Request | |
|
27 | 26 | from rhodecode.lib.utils2 import str2bool |
|
28 | 27 | |
|
29 | 28 | |
|
30 | 29 | class HttpsFixup(object): |
|
31 | 30 | |
|
32 | 31 | def __init__(self, app, config): |
|
33 | 32 | self.application = app |
|
34 | 33 | self.config = config |
|
35 | 34 | |
|
36 | 35 | def __call__(self, environ, start_response): |
|
37 | 36 | self.__fixup(environ) |
|
38 | 37 | debug = str2bool(self.config.get('debug')) |
|
39 | if str2bool(self.config.get('use_htsts')) and not debug: | |
|
40 | req = Request(environ, self.application) | |
|
41 | resp = req.get_response(self.application) | |
|
42 | if environ['wsgi.url_scheme'] == 'https': | |
|
43 | resp.headers['Strict-Transport-Security'] = \ | |
|
44 | 'max-age=8640000; includeSubDomains' | |
|
45 | return resp(environ, start_response) | |
|
38 | is_ssl = environ['wsgi.url_scheme'] == 'https' | |
|
46 | 39 | |
|
47 | return self.application(environ, start_response) | |
|
40 | def custom_start_response(status, headers, exc_info=None): | |
|
41 | if is_ssl and str2bool(self.config.get('use_htsts')) and not debug: | |
|
42 | headers.append(('Strict-Transport-Security', | |
|
43 | 'max-age=8640000; includeSubDomains')) | |
|
44 | return start_response(status, headers, exc_info) | |
|
45 | ||
|
46 | return self.application(environ, custom_start_response) | |
|
48 | 47 | |
|
49 | 48 | def __fixup(self, environ): |
|
50 | 49 | """ |
|
51 | 50 | Function to fixup the environ as needed. In order to use this |
|
52 | 51 | middleware you should set this header inside your |
|
53 | 52 | proxy ie. nginx, apache etc. |
|
54 | 53 | """ |
|
55 | 54 | # DETECT PROTOCOL ! |
|
56 | 55 | if 'HTTP_X_URL_SCHEME' in environ: |
|
57 | 56 | proto = environ.get('HTTP_X_URL_SCHEME') |
|
58 | 57 | elif 'HTTP_X_FORWARDED_SCHEME' in environ: |
|
59 | 58 | proto = environ.get('HTTP_X_FORWARDED_SCHEME') |
|
60 | 59 | elif 'HTTP_X_FORWARDED_PROTO' in environ: |
|
61 | 60 | proto = environ.get('HTTP_X_FORWARDED_PROTO') |
|
62 | 61 | else: |
|
63 | 62 | proto = 'http' |
|
64 | 63 | org_proto = proto |
|
65 | 64 | |
|
66 | 65 | # if we have force, just override |
|
67 | 66 | if str2bool(self.config.get('force_https')): |
|
68 | 67 | proto = 'https' |
|
69 | 68 | |
|
70 | 69 | environ['wsgi.url_scheme'] = proto |
|
71 | 70 | environ['wsgi._org_proto'] = org_proto |
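Review bot: `custom_start_response` adds the HSTS header with `headers.append(...)`, whereas the removed code assigned `resp.headers['Strict-Transport-Security']`, so a response that already carries the header from the wrapped application or another layer now goes out with two copies. RFC 6797 tells servers to send a single Strict-Transport-Security field and user agents to process only the first one, so the policy set here can be silently ignored. I would guard the append with `if not any(k.lower() == 'strict-transport-security' for k, _ in headers):`. Separately, `is_ssl` is an exact match on the scheme that `__fixup` copies from the `X-Url-Scheme` / `X-Forwarded-*` request headers, so it is only reliable when the fronting proxy overwrites client-supplied copies and sends a single lowercase value; a short comment above `is_ssl = ...` stating that assumption would help.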