changeset 3359:c394a564ab71 beta

make the HSTS headers optional and store the setting in the .ini file. also don't use it with DEBUG
author Marcin Kuzminski <marcin@python-works.com>
date Sun, 10 Feb 2013 20:35:35 +0100
parents 321ca2e69004
children 85f69bf84d95
files development.ini production.ini rhodecode/config/deployment.ini_tmpl rhodecode/lib/middleware/https_fixup.py
diffstat 4 files changed, 19 insertions(+), 5 deletions(-) [+]
--- a/development.ini	Sun Feb 10 17:52:29 2013 +0100
+++ b/development.ini	Sun Feb 10 20:35:35 2013 +0100
@@ -66,7 +66,10 @@
 app_instance_uuid = rc-develop
 cut_off_limit = 256000
 vcs_full_cache = True
+# force https in RhodeCode, fixes https redirects, assumes it's always https
 force_https = false
+# use Strict-Transport-Security headers
+use_htsts = false
 commit_parse_limit = 25
 # number of items displayed in lightweight dashboard before paginating
 dashboard_items = 100
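Review bot: The new key is spelled `use_htsts` while the comment above it names the header Strict-Transport-Security, whose abbreviation is HSTS; `use_hsts` would be the expected name, and since this key lands in every deployment's .ini it is cheaper to settle it now than after release. The same spelling appears in production.ini, deployment.ini_tmpl and the `self.config.get('use_htsts')` lookup in https_fixup.py, so all four would change together. The comment could also say when the option actually takes effect, e.g. `# send Strict-Transport-Security headers (only on https responses, and never when debug = true)`.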
--- a/production.ini	Sun Feb 10 17:52:29 2013 +0100
+++ b/production.ini	Sun Feb 10 20:35:35 2013 +0100
@@ -66,7 +66,10 @@
 app_instance_uuid = rc-production
 cut_off_limit = 256000
 vcs_full_cache = True
+# force https in RhodeCode, fixes https redirects, assumes it's always https
 force_https = false
+# use Strict-Transport-Security headers
+use_htsts = false
 commit_parse_limit = 50
 # number of items displayed in lightweight dashboard before paginating
 dashboard_items = 100
--- a/rhodecode/config/deployment.ini_tmpl	Sun Feb 10 17:52:29 2013 +0100
+++ b/rhodecode/config/deployment.ini_tmpl	Sun Feb 10 20:35:35 2013 +0100
@@ -66,7 +66,10 @@
 app_instance_uuid = ${app_instance_uuid}
 cut_off_limit = 256000
 vcs_full_cache = True
+# force https in RhodeCode, fixes https redirects, assumes it's always https
 force_https = false
+# use Strict-Transport-Security headers
+use_htsts = false
 commit_parse_limit = 50
 # number of items displayed in lightweight dashboard before paginating
 dashboard_items = 100
--- a/rhodecode/lib/middleware/https_fixup.py	Sun Feb 10 17:52:29 2013 +0100
+++ b/rhodecode/lib/middleware/https_fixup.py	Sun Feb 10 20:35:35 2013 +0100
@@ -35,11 +35,16 @@
 
     def __call__(self, environ, start_response):
         self.__fixup(environ)
-        req = Request(environ)
-        resp = req.get_response(self.application)
-        if environ['wsgi.url_scheme'] == 'https':
-            resp.headers['Strict-Transport-Security'] = 'max-age=8640000; includeSubDomains'
-        return resp(environ, start_response)
+        debug = str2bool(self.config.get('debug'))
+        if str2bool(self.config.get('use_htsts')) and not debug:
+            req = Request(environ, self.application)
+            resp = req.get_response(self.application)
+            if environ['wsgi.url_scheme'] == 'https':
+                resp.headers['Strict-Transport-Security'] = \
+                    'max-age=8640000; includeSubDomains'
+            return resp(environ, start_response)
+
+        return self.application(environ, start_response)
 
     def __fixup(self, environ):
         """