Mercurial > kallithea
annotate rhodecode/lib/middleware/https_fixup.py @ 3238:26bf9c8baad2 beta
added HSTS headers when using SSL for RhodeCode
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Sun, 27 Jan 2013 22:37:55 +0100 |
| parents | f0851f37d6be |
| children | c394a564ab71 |
| rev | line source |
|---|---|
|
903
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
1 # -*- coding: utf-8 -*- |
|
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
2 """ |
|
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
3 rhodecode.lib.middleware.https_fixup |
|
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
|
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
5 |
|
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
6 middleware to handle https correctly |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
914
diff
changeset
|
7 |
|
903
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
8 :created_on: May 23, 2010 |
|
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
9 :author: marcink |
|
1824
89efedac4e6c
2012 copyrights
Marcin Kuzminski <marcin@python-works.com>
parents:
1275
diff
changeset
|
10 :copyright: (C) 2010-2012 Marcin Kuzminski <marcin@python-works.com> |
|
903
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
11 :license: GPLv3, see COPYING for more details. |
|
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
12 """ |
|
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
13 # This program is free software: you can redistribute it and/or modify |
|
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
14 # it under the terms of the GNU General Public License as published by |
|
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
15 # the Free Software Foundation, either version 3 of the License, or |
|
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
16 # (at your option) any later version. |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
914
diff
changeset
|
17 # |
|
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
204
diff
changeset
|
18 # This program is distributed in the hope that it will be useful, |
|
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
204
diff
changeset
|
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
204
diff
changeset
|
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
204
diff
changeset
|
21 # GNU General Public License for more details. |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
914
diff
changeset
|
22 # |
|
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
204
diff
changeset
|
23 # You should have received a copy of the GNU General Public License |
|
1206
a671db5bdd58
fixed license issue #149
Marcin Kuzminski <marcin@python-works.com>
parents:
1203
diff
changeset
|
24 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
252
3782a6d698af
licensing updates, code cleanups
Marcin Kuzminski <marcin@python-works.com>
parents:
204
diff
changeset
|
25 |
|
3238
26bf9c8baad2
added HSTS headers when using SSL for RhodeCode
Marcin Kuzminski <marcin@python-works.com>
parents:
2668
diff
changeset
|
26 from pylons.controllers.util import Request |
| 2109 | 27 from rhodecode.lib.utils2 import str2bool |
|
914
110a00c181de
Added force https option into config files
Marcin Kuzminski <marcin@python-works.com>
parents:
903
diff
changeset
|
28 |
|
1275
2723276285ae
pep8ify middlewares
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
29 |
|
204
a8ea3ce3cdc4
Created middleware package. Crated special middleware to handle https requests redirections.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
30 class HttpsFixup(object): |
|
1275
2723276285ae
pep8ify middlewares
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
31 |
|
914
110a00c181de
Added force https option into config files
Marcin Kuzminski <marcin@python-works.com>
parents:
903
diff
changeset
|
32 def __init__(self, app, config): |
|
204
a8ea3ce3cdc4
Created middleware package. Crated special middleware to handle https requests redirections.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
33 self.application = app |
|
914
110a00c181de
Added force https option into config files
Marcin Kuzminski <marcin@python-works.com>
parents:
903
diff
changeset
|
34 self.config = config |
|
903
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
35 |
|
204
a8ea3ce3cdc4
Created middleware package. Crated special middleware to handle https requests redirections.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
36 def __call__(self, environ, start_response): |
|
a8ea3ce3cdc4
Created middleware package. Crated special middleware to handle https requests redirections.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
37 self.__fixup(environ) |
|
3238
26bf9c8baad2
added HSTS headers when using SSL for RhodeCode
Marcin Kuzminski <marcin@python-works.com>
parents:
2668
diff
changeset
|
38 req = Request(environ) |
|
26bf9c8baad2
added HSTS headers when using SSL for RhodeCode
Marcin Kuzminski <marcin@python-works.com>
parents:
2668
diff
changeset
|
39 resp = req.get_response(self.application) |
|
26bf9c8baad2
added HSTS headers when using SSL for RhodeCode
Marcin Kuzminski <marcin@python-works.com>
parents:
2668
diff
changeset
|
40 if environ['wsgi.url_scheme'] == 'https': |
|
26bf9c8baad2
added HSTS headers when using SSL for RhodeCode
Marcin Kuzminski <marcin@python-works.com>
parents:
2668
diff
changeset
|
41 resp.headers['Strict-Transport-Security'] = 'max-age=8640000; includeSubDomains' |
|
26bf9c8baad2
added HSTS headers when using SSL for RhodeCode
Marcin Kuzminski <marcin@python-works.com>
parents:
2668
diff
changeset
|
42 return resp(environ, start_response) |
|
903
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
43 |
|
204
a8ea3ce3cdc4
Created middleware package. Crated special middleware to handle https requests redirections.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
44 def __fixup(self, environ): |
|
1275
2723276285ae
pep8ify middlewares
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
45 """ |
|
2723276285ae
pep8ify middlewares
Marcin Kuzminski <marcin@python-works.com>
parents:
1206
diff
changeset
|
46 Function to fixup the environ as needed. In order to use this |
|
1203
6832ef664673
source code cleanup: remove trailing white space, normalize file endings
Marcin Kuzminski <marcin@python-works.com>
parents:
914
diff
changeset
|
47 middleware you should set this header inside your |
|
204
a8ea3ce3cdc4
Created middleware package. Crated special middleware to handle https requests redirections.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
48 proxy ie. nginx, apache etc. |
|
a8ea3ce3cdc4
Created middleware package. Crated special middleware to handle https requests redirections.
Marcin Kuzminski <marcin@python-works.com>
parents:
diff
changeset
|
49 """ |
|
2668
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
50 # DETECT PROTOCOL ! |
|
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
51 if 'HTTP_X_URL_SCHEME' in environ: |
|
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
52 proto = environ.get('HTTP_X_URL_SCHEME') |
|
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
53 elif 'HTTP_X_FORWARDED_SCHEME' in environ: |
|
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
54 proto = environ.get('HTTP_X_FORWARDED_SCHEME') |
|
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
55 elif 'HTTP_X_FORWARDED_PROTO' in environ: |
|
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
56 proto = environ.get('HTTP_X_FORWARDED_PROTO') |
|
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
57 else: |
|
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
58 proto = 'http' |
|
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
59 org_proto = proto |
|
903
04c9bb9ca6d6
code docs, updates
Marcin Kuzminski <marcin@python-works.com>
parents:
902
diff
changeset
|
60 |
|
2668
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
61 # if we have force, just override |
|
914
110a00c181de
Added force https option into config files
Marcin Kuzminski <marcin@python-works.com>
parents:
903
diff
changeset
|
62 if str2bool(self.config.get('force_https')): |
|
110a00c181de
Added force https option into config files
Marcin Kuzminski <marcin@python-works.com>
parents:
903
diff
changeset
|
63 proto = 'https' |
|
2054
787f1d157984
extended https fixup middleware.
Marcin Kuzminski <marcin@python-works.com>
parents:
1824
diff
changeset
|
64 |
|
2668
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
65 environ['wsgi.url_scheme'] = proto |
|
f0851f37d6be
Implementes #509 require SSL flag now works for both git and mercurial.
Marcin Kuzminski <marcin@python-works.com>
parents:
2109
diff
changeset
|
66 environ['wsgi._org_proto'] = org_proto |