Bug #4010

[ce] Check that HTTPS fixup middleware also wraps pyramid views.

Added by Martin Bornhold over 3 years ago. Updated over 3 years ago.

Status: Closed
Priority: High
Category: -
Start date: 10.06.2016
% Done: 0%

Description

MarcinK reported that the redirect after logging in via the quick login box points him from HTTPS -> HTTP.
Normally the HTTPS fixup middleware should handle this.

We recently migrated the login view from pylons to pyramid. Maybe the middleware only wraps pylons views and not pyramid views.

History

#1 Updated by Marcin Kuzminski [staff] over 3 years ago

  • Target version changed from v4.1 to v4.2

#2 Updated by Marcin Kuzminski [staff] over 3 years ago

  • Priority changed from Normal to High

Bumping priority for that as it might be a really problematic regression for some cases when you don't do an http -> https redirect, and it's actually a regression.

#3 Updated by Marcin Kuzminski [staff] over 3 years ago

One important note:

  • enabling proxy-prefix middleware actually solves the problem. We believe that we should always enable this as it's a good default with an empty prefix.

We should check what custom logic is inside the SSL wrapper, and whether we still need it or things can actually be fixed by using proxy-prefix.

#4 Updated by Johannes Bornhold over 3 years ago

  • Assignee set to Johannes Bornhold
  • Status changed from New to In Progress

#5 Updated by Johannes Bornhold over 3 years ago

Ok, here we go:

  • First investigations to understand what we have here
  • Maybe only proxy prefix middleware
  • Otherwise plain fix

#6 Updated by Johannes Bornhold over 3 years ago

Investigation details

  • It is included in make_app which is producing the pylons app, this means it is for sure not active for the pyramid app.
  • Moving it up in the stack could already restore the old behavior.
  • Inspection of the implementation
    • rhodecode/lib/middleware/https_fixup.py
    • It appends HSTS headers
    • It applies changes to the environ if it detects SSL
    • Conclusion:
      • Moving it up should restore the old behavior, then we are fixed.
      • Improving things can be done in a later step.
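
Added illustration of the placement problem described in comment #6 (not part of the thread and not RhodeCode's code): a minimal WSGI fixup middleware wrapped only around a legacy app versus moved up the stack. All names are hypothetical, and detecting SSL via `X-Forwarded-Proto` is an assumption; the thread does not say how the real middleware detects it.

```python
# Added illustration only: not RhodeCode's https_fixup.py; all names are hypothetical.

class HttpsFixup:
    """WSGI middleware: mark proxied TLS requests as https and append HSTS."""

    def __init__(self, app, hsts_max_age=31536000):
        self.app = app
        self.hsts = "max-age=%d" % hsts_max_age

    def __call__(self, environ, start_response):
        # Assumption: a TLS-terminating proxy sets (and overwrites) this header.
        is_ssl = environ.get("HTTP_X_FORWARDED_PROTO") == "https"
        if is_ssl:
            environ["wsgi.url_scheme"] = "https"

        def fixed_start(status, headers, exc_info=None):
            if is_ssl:
                headers = list(headers) + [("Strict-Transport-Security", self.hsts)]
            return start_response(status, headers, exc_info)

        return self.app(environ, fixed_start)

def redirect_view(environ, start_response):
    """Stand-in for a post-login redirect built from the request scheme."""
    location = "%s://%s/" % (environ["wsgi.url_scheme"], environ["HTTP_HOST"])
    start_response("302 Found", [("Location", location)])
    return [b""]

def router(legacy_app, new_app):
    """Send /_login to the new (Pyramid-style) app, the rest to the legacy app."""
    def app(environ, start_response):
        is_new = environ["PATH_INFO"].startswith("/_login")
        return (new_app if is_new else legacy_app)(environ, start_response)
    return app

def response_headers(app, path):
    """Drive one constructed request, as forwarded by an HTTPS proxy."""
    environ = {"wsgi.url_scheme": "http", "HTTP_HOST": "code.example.test",
               "PATH_INFO": path, "HTTP_X_FORWARDED_PROTO": "https"}
    seen = {}
    list(app(environ, lambda status, headers, exc_info=None: seen.update(headers)))
    return seen

# Before: the fixup sits inside the legacy app factory, so /_login bypasses it.
inner_only = router(HttpsFixup(redirect_view), redirect_view)
# After: moved up the stack, it wraps both frameworks' views.
moved_up = HttpsFixup(router(redirect_view, redirect_view))
```

With `inner_only`, the `/_login` redirect keeps the `http` scheme and carries no HSTS header, while other paths are fixed; with `moved_up`, both paths get `https` and the header.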

#8 Updated by Johannes Bornhold over 3 years ago

  • Status changed from In Progress to Resolved

#9 Updated by Marcin Kuzminski [staff] over 3 years ago

  • Status changed from Resolved to Closed
