[ce] Check that HTTPS fixup middleware wraps also pyramid views.
MarcinK reported that the redirect after logging in via the quick login box points him from HTTPS -> HTTP.
Normally the HTTPS fixup middleware should handle this.
We shortly migrated the login view from pylons to pyramid. Maybe the middleware only wraps pylons views and not pyramid views.
#3 Updated by Marcin Kuzminski [staff] over 3 years ago
One important note:
- enabling proxy-prefix middleware actually solves the problem. We believe that we should always enable this as it's a good default with an empty prefix.
We should check what custom logic is inside the SSL wrapper, and if we still need-it or things can be actually fixed by using proxy-prefix.
#6 Updated by Johannes Bornhold over 3 years ago
- It is included in
make_appwhich is producing the pylons app, this means it is for sure not active for the pyramid app.
- Moving it up in the stack could already restore the old behavior.
- Inspection of the implementation
- It appends htsts headers
- It applies changes to the environ if it detects SSL
- Moving it up should restore the old behavior, then we are fixed.
- Improving things can be done in a later step.