upstream/kallithea Commit - r3359:c394a564

make the htsts headers optional and stored in .ini file....

marcink -

r3359:c394a564 beta

parent child

development.ini

0 +3 0

              app_instance_uuid = rc-develop
              cut_off_limit = 256000
              vcs_full_cache = True
+             # force https in RhodeCode, fixes https redirects, assumes it's always https
              force_https = false
+             # use Strict-Transport-Security headers
+             use_htsts = false
              commit_parse_limit = 25
              # number of items displayed in lightweight dashboard before paginating
              dashboard_items = 100

production.ini

0 +3 0

              app_instance_uuid = rc-production
              cut_off_limit = 256000
              vcs_full_cache = True
+             # force https in RhodeCode, fixes https redirects, assumes it's always https
              force_https = false
+             # use Strict-Transport-Security headers
+             use_htsts = false
              commit_parse_limit = 50
              # number of items displayed in lightweight dashboard before paginating
              dashboard_items = 100

rhodecode/config/deployment.ini_tmpl

0 +3 0

              app_instance_uuid = ${app_instance_uuid}
              cut_off_limit = 256000
              vcs_full_cache = True
+             # force https in RhodeCode, fixes https redirects, assumes it's always https
              force_https = false
+             # use Strict-Transport-Security headers
+             use_htsts = false
              commit_parse_limit = 50
              # number of items displayed in lightweight dashboard before paginating
              dashboard_items = 100

rhodecode/lib/middleware/https_fixup.py

0 +10 -5

                  def __call__(self, environ, start_response):
                      self.__fixup(environ)
-                     req = Request(environ)
-                     resp = req.get_response(self.application)
-                     if environ['wsgi.url_scheme'] == 'https':
-                         resp.headers['Strict-Transport-Security'] = 'max-age=8640000; includeSubDomains'
-                     return resp(environ, start_response)
+                     debug = str2bool(self.config.get('debug'))
+                     if str2bool(self.config.get('use_htsts')) and not debug:
+                         req = Request(environ, self.application)
+                         resp = req.get_response(self.application)
+                         if environ['wsgi.url_scheme'] == 'https':
+                             resp.headers['Strict-Transport-Security'] = \
+                                 'max-age=8640000; includeSubDomains'
+                         return resp(environ, start_response)
+                     return self.application(environ, start_response)
                  def __fixup(self, environ):
                      """

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages