Show More
| @@ -23,7 +23,6 b'' | |||
|
|
23 | 23 | # You should have received a copy of the GNU General Public License |
|
|
24 | 24 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
|
25 | 25 | |
|
|
26 | from pylons.controllers.util import Request | |
|
|
27 | 26 | from rhodecode.lib.utils2 import str2bool |
|
|
28 | 27 | |
|
|
29 | 28 | |
| @@ -36,15 +35,15 b' class HttpsFixup(object):' | |||
|
|
36 | 35 | def __call__(self, environ, start_response): |
|
|
37 | 36 | self.__fixup(environ) |
|
|
38 | 37 | debug = str2bool(self.config.get('debug')) |
|
|
39 | if str2bool(self.config.get('use_htsts')) and not debug: | |
|
|
40 | req = Request(environ, self.application) | |
|
|
41 | resp = req.get_response(self.application) | |
|
|
42 | if environ['wsgi.url_scheme'] == 'https': | |
|
|
43 | resp.headers['Strict-Transport-Security'] = \ | |
|
|
44 | 'max-age=8640000; includeSubDomains' | |
|
|
45 | return resp(environ, start_response) | |
|
|
38 | is_ssl = environ['wsgi.url_scheme'] == 'https' | |
|
|
46 | 39 | |
|
|
47 | return self.application(environ, start_response) | |
|
|
40 | def custom_start_response(status, headers, exc_info=None): | |
|
|
41 | if is_ssl and str2bool(self.config.get('use_htsts')) and not debug: | |
|
|
42 | headers.append(('Strict-Transport-Security', | |
|
|
43 | 'max-age=8640000; includeSubDomains')) | |
|
|
44 | return start_response(status, headers, exc_info) | |
|
|
45 | ||
|
|
46 | return self.application(environ, custom_start_response) | |
|
|
48 | 47 | |
|
|
49 | 48 | def __fixup(self, environ): |
|
|
50 | 49 | """ |
General Comments 0
You need to be logged in to leave comments.
Login now