Project

General

Profile

Actions
Copy link

Bug #4010

closed

[ce] Check that HTTPS fixup middleware wraps also pyramid views.

Added by Martin Bornhold over 8 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
High
Assignee:
Johannes Bornhold
Category:
-
Target version:
v4.2
Start date:
10.06.2016
Due date:
% Done:

0%

Estimated time:
Sorting:
Commit Number:
Affected Version:

Description

MarcinK reported that the redirect after logging in via the quick login box points him from HTTPS -> HTTP.
Normally the HTTPS fixup middleware should handle this.

We shortly migrated the login view from pylons to pyramid. Maybe the middleware only wraps pylons views and not pyramid views.

Actions
Copy link
 #1

Updated by Marcin Kuzminski [CTO] over 8 years ago

  • Target version changed from v4.1 to v4.2
Actions
Copy link
 #2

Updated by Marcin Kuzminski [CTO] over 8 years ago

  • Priority changed from Normal to High

Bumping priority for that as it might be really problematic regressions for some cases when you don't do http -> https redirect, and it's a regressions actually.

Actions
Copy link
 #3

Updated by Marcin Kuzminski [CTO] over 8 years ago

One important note:

  • enabling proxy-prefix middleware actually solves the problem. We believe that we should always enable this as it's a good default with an empty prefix.

We should check what custom logic is inside the SSL wrapper, and if we still need-it or things can be actually fixed by using proxy-prefix.

Actions
Copy link
 #4

Updated by Johannes Bornhold over 8 years ago

  • Status changed from New to In Progress
  • Assignee set to Johannes Bornhold
Actions
Copy link
 #5

Updated by Johannes Bornhold over 8 years ago

Ok, here we go:

  • First investigations to understand what we have here
  • Maybe only proxy prefix middleware
  • Otherwise plain fix
Actions
Copy link
 #6

Updated by Johannes Bornhold over 8 years ago

Investigation details

  • It is included in make_app which is producing the pylons app, this means it is for sure not active for the pyramid app.
  • Moving it up in the stack could already restore the old behavior.
  • Inspection of the implementation
    • rhodecode/lib/middleware/https_fixup.py
    • It appends htsts headers
    • It applies changes to the environ if it detects SSL
    • Conclusion:
      • Moving it up should restore the old behavior, then we are fixed.
      • Improving things can be done in a later step.
Actions
Copy link
 #8

Updated by Johannes Bornhold over 8 years ago

  • Status changed from In Progress to Resolved
Actions
Copy link
 #9

Updated by Marcin Kuzminski [CTO] over 8 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF