Show More
@@ -66,7 +66,10 b' index_dir = %(here)s/data/index' | |||||
66 | app_instance_uuid = rc-develop |
|
66 | app_instance_uuid = rc-develop | |
67 | cut_off_limit = 256000 |
|
67 | cut_off_limit = 256000 | |
68 | vcs_full_cache = True |
|
68 | vcs_full_cache = True | |
|
69 | # force https in RhodeCode, fixes https redirects, assumes it's always https | |||
69 | force_https = false |
|
70 | force_https = false | |
|
71 | # use Strict-Transport-Security headers | |||
|
72 | use_htsts = false | |||
70 | commit_parse_limit = 25 |
|
73 | commit_parse_limit = 25 | |
71 | # number of items displayed in lightweight dashboard before paginating |
|
74 | # number of items displayed in lightweight dashboard before paginating | |
72 | dashboard_items = 100 |
|
75 | dashboard_items = 100 |
@@ -66,7 +66,10 b' index_dir = %(here)s/data/index' | |||||
66 | app_instance_uuid = rc-production |
|
66 | app_instance_uuid = rc-production | |
67 | cut_off_limit = 256000 |
|
67 | cut_off_limit = 256000 | |
68 | vcs_full_cache = True |
|
68 | vcs_full_cache = True | |
|
69 | # force https in RhodeCode, fixes https redirects, assumes it's always https | |||
69 | force_https = false |
|
70 | force_https = false | |
|
71 | # use Strict-Transport-Security headers | |||
|
72 | use_htsts = false | |||
70 | commit_parse_limit = 50 |
|
73 | commit_parse_limit = 50 | |
71 | # number of items displayed in lightweight dashboard before paginating |
|
74 | # number of items displayed in lightweight dashboard before paginating | |
72 | dashboard_items = 100 |
|
75 | dashboard_items = 100 |
@@ -66,7 +66,10 b' index_dir = %(here)s/data/index' | |||||
66 | app_instance_uuid = ${app_instance_uuid} |
|
66 | app_instance_uuid = ${app_instance_uuid} | |
67 | cut_off_limit = 256000 |
|
67 | cut_off_limit = 256000 | |
68 | vcs_full_cache = True |
|
68 | vcs_full_cache = True | |
|
69 | # force https in RhodeCode, fixes https redirects, assumes it's always https | |||
69 | force_https = false |
|
70 | force_https = false | |
|
71 | # use Strict-Transport-Security headers | |||
|
72 | use_htsts = false | |||
70 | commit_parse_limit = 50 |
|
73 | commit_parse_limit = 50 | |
71 | # number of items displayed in lightweight dashboard before paginating |
|
74 | # number of items displayed in lightweight dashboard before paginating | |
72 | dashboard_items = 100 |
|
75 | dashboard_items = 100 |
@@ -35,11 +35,16 b' class HttpsFixup(object):' | |||||
35 |
|
35 | |||
36 | def __call__(self, environ, start_response): |
|
36 | def __call__(self, environ, start_response): | |
37 | self.__fixup(environ) |
|
37 | self.__fixup(environ) | |
38 | req = Request(environ) |
|
38 | debug = str2bool(self.config.get('debug')) | |
39 | resp = req.get_response(self.application) |
|
39 | if str2bool(self.config.get('use_htsts')) and not debug: | |
40 | if environ['wsgi.url_scheme'] == 'https': |
|
40 | req = Request(environ, self.application) | |
41 | resp.headers['Strict-Transport-Security'] = 'max-age=8640000; includeSubDomains' |
|
41 | resp = req.get_response(self.application) | |
42 | return resp(environ, start_response) |
|
42 | if environ['wsgi.url_scheme'] == 'https': | |
|
43 | resp.headers['Strict-Transport-Security'] = \ | |||
|
44 | 'max-age=8640000; includeSubDomains' | |||
|
45 | return resp(environ, start_response) | |||
|
46 | ||||
|
47 | return self.application(environ, start_response) | |||
43 |
|
48 | |||
44 | def __fixup(self, environ): |
|
49 | def __fixup(self, environ): | |
45 | """ |
|
50 | """ |
General Comments 0
You need to be logged in to leave comments.
Login now