[ce] Check that HTTPS fixup middleware also wraps pyramid views.
MarcinK reported that the redirect after logging in via the quick login box points him from HTTPS -> HTTP.
Normally the HTTPS fixup middleware should handle this.
We recently migrated the login view from pylons to pyramid. Maybe the middleware only wraps pylons views and not pyramid views.
Updated by Marcin Kuzminski [CTO] over 5 years ago
One important note:
- enabling proxy-prefix middleware actually solves the problem. We believe that we should always enable this as it's a good default with an empty prefix.
We should check what custom logic is inside the SSL wrapper, and if we still need it or things can actually be fixed by using proxy-prefix.
Updated by Johannes Bornhold over 5 years ago
- It is included in make_app, which is producing the pylons app; this means it is for sure not active for the pyramid app.
- Moving it up in the stack could already restore the old behavior.
- Inspection of the implementation:
  - It appends HSTS headers
  - It applies changes to the environ if it detects SSL
- Moving it up should restore the old behavior, then we are fixed.
- Improving things can be done in a later step.
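The ordering problem discussed in this ticket, as an added example that is not part of the thread and not the project's code: a WSGI fixup middleware that wraps only the legacy app leaves a migrated view building `http://` redirects, and moving it up the stack restores `https://` and the HSTS header. The names `https_fixup`, `redirect_view`, `route` and `response_headers`, the host name, the HSTS value and the use of `X-Forwarded-Proto` to detect SSL are all assumptions made for illustration.

```python
from wsgiref.util import application_uri

def https_fixup(app):
    """Hypothetical stand-in for the HTTPS fixup middleware."""
    def middleware(environ, start_response):
        # Assumption: SSL is detected from X-Forwarded-Proto, which is only
        # trustworthy when the fronting proxy always overwrites it.
        if environ.get("HTTP_X_FORWARDED_PROTO") != "https":
            return app(environ, start_response)
        environ["wsgi.url_scheme"] = "https"
        def with_hsts(status, headers, exc_info=None):
            hsts = ("Strict-Transport-Security", "max-age=31536000")  # constructed value
            return start_response(status, list(headers) + [hsts], exc_info)
        return app(environ, with_hsts)
    return middleware

def redirect_view(environ, start_response):
    """Builds an absolute redirect from the environ, as web frameworks do."""
    start_response("302 Found", [("Location", application_uri(environ) + "home")])
    return [b""]

def route(new_app, legacy_app, new_paths=("/login",)):
    """Outer dispatcher: migrated paths go to the new app, the rest to legacy."""
    def app(environ, start_response):
        target = new_app if environ["PATH_INFO"] in new_paths else legacy_app
        return target(environ, start_response)
    return app

def response_headers(app, path):
    """Send one constructed proxied-HTTPS request and return the response headers."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "SCRIPT_NAME": "",
               "HTTP_HOST": "code.example.test", "wsgi.url_scheme": "http",
               "HTTP_X_FORWARDED_PROTO": "https"}
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured.update(headers)
    list(app(environ, start_response))
    return captured

# Before: the fixup is applied inside the legacy app factory only.
inner_only = route(new_app=redirect_view, legacy_app=https_fixup(redirect_view))
# After: the fixup is moved up the stack and wraps both apps.
moved_up = https_fixup(route(new_app=redirect_view, legacy_app=redirect_view))

if __name__ == "__main__":
    for name, app in (("inner_only", inner_only), ("moved_up", moved_up)):
        print(name, response_headers(app, "/login"))
```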