Issue #44: Forceful scheme change to http after upgrade to 0.1
Reported by: al zi
State: resolved
Created on: 2014-09-29 14:17
Updated on: 2014-10-06 07:57
Description
Forcefully changes scheme from https:// to http:// while using apache as proxy in version 0.1
No such behavior in 0.0
How to reproduce:
    virtualenv --no-site-packages dist/v
    . dist/v/bin/activate
    pip install kallithea
    paster make-config Kallithea my.ini
- changes in my.ini
    force_https = true
- complete install and start
    paster setup-db my.ini --user=user --email=user@example.com --password=password --repos=/tmp
    paster serve my.ini &
- set an apache as a proxy
    <VirtualHost *:443>
        ServerName code.local.dom
        ServerAlias code.local.dom
        <Proxy *>
            Order allow,deny
            Allow from all
        </Proxy>
        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:5000/
        ProxyPassReverse / http://127.0.0.1:5000/
        SetEnvIf X-Url-Scheme https HTTPS=1
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
        SSLCertificateFile /etc/apache2/ssl.crt/star_com.crt
        SSLCertificateKeyFile /etc/apache2/ssl.key/star_com.key
    </VirtualHost>
- start apache
- firefox https://code.local.dom
- try to login (will be redirected to http)
- try to logout (will be redirected to http)
Comments
Comment by al zi, on 2014-09-29 14:18
Comment by al zi, on 2014-09-29 14:18
Comment by al zi, on 2014-09-29 14:19
Comment by al zi, on 2014-09-29 14:26
As well
clone_uri = {scheme}://{user}{pass}{netloc}{path}
Always stays as http://
Comment by al zi, on 2014-09-29 14:38
So, during login/logout it sends me "302 redirect found" and rewritten Location headers in 0.1
While version 0.0 sends only "304 - not modified"
Comment by Mads Kiilerich, on 2014-09-29 18:00
Hm. Right. There was a typo. Please confirm this fix:
--- a/kallithea/config/middleware.py +++ b/kallithea/config/middleware.py @@ -92,7 +92,7 @@ def make_app(global_conf, full_stack=Tru app = StatusCodeRedirect(app, [400, 401, 403, 404, 500]) #enable https redirets based on HTTP_X_URL_SCHEME set by proxy - if any(asbool(config.get(x)) for x in ['https_fixup', 'force_ssl', 'use_htsts']): + if any(asbool(config.get(x)) for x in ['https_fixup', 'force_https', 'use_htsts']): app = HttpsFixup(app, config) # Establish the Registry for this application
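Review bot: on the changed "if any(asbool(config.get(x)) ..." line the option names are still bare string literals, so a name that does not match the ini key fails open without any error: config.get finds nothing, the condition is false, and HttpsFixup is silently left out of the stack, which is how 'force_ssl' went unnoticed. I would check 'use_htsts' against the ini template in the same way and add a test that make_app with force_https = true actually wraps the app in HttpsFixup. The comment above the condition also has a typo ("redirets").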
As a workaround, you can also set https_fixup.
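The effect of the one-word mismatch fixed above, as an added example that is not Kallithea's code: a stand-in middleware (SchemeFixup) and app factory (make_app), both hypothetical, show that with force_https = true the misspelled gate list leaves the login redirect on http://, while the corrected list produces https://. The request and the gate lists passed in are constructed from the values quoted in this issue.

```python
# Added illustration: SchemeFixup, login_app and make_app are simplified
# stand-ins (assumptions), not Kallithea's own code.
from wsgiref.util import setup_testing_defaults

def asbool(value):
    """Minimal ini-style boolean parser; a missing key (None) is false."""
    return str(value).strip().lower() in {"true", "yes", "on", "1"}

class SchemeFixup:
    """Set wsgi.url_scheme so URLs the app builds match the client's scheme."""
    def __init__(self, app, config):
        self.app, self.config = app, config

    def __call__(self, environ, start_response):
        # The proxy-to-backend leg is plain HTTP, so the real scheme has to
        # come from a proxy-set header or from the force_https override.
        scheme = environ.get("HTTP_X_URL_SCHEME", "http")
        if asbool(self.config.get("force_https")):
            scheme = "https"
        environ["wsgi.url_scheme"] = scheme
        return self.app(environ, start_response)

def login_app(environ, start_response):
    """Backend that answers with an absolute 302, like a login redirect."""
    location = "%s://%s/" % (environ["wsgi.url_scheme"], environ["HTTP_HOST"])
    start_response("302 Found", [("Location", location)])
    return [b""]

def make_app(config, gate_keys):
    """Wrap the app in the fixup only if one of gate_keys is enabled."""
    app = login_app
    if any(asbool(config.get(key)) for key in gate_keys):
        app = SchemeFixup(app, config)
    return app

def redirect_location(app):
    """Send one request as the backend sees it; return the Location header."""
    environ = {"HTTP_HOST": "code.local.dom"}
    setup_testing_defaults(environ)  # fills in wsgi.url_scheme = "http"
    captured = {}
    app(environ, lambda status, headers, exc_info=None: captured.update(headers))
    return captured["Location"]

config = {"force_https": "true"}                      # the my.ini change above
BEFORE = ["https_fixup", "force_ssl", "use_htsts"]    # gate list before the patch
AFTER = ["https_fixup", "force_https", "use_htsts"]   # gate list after the patch

if __name__ == "__main__":
    print("before:", redirect_location(make_app(config, BEFORE)))
    print("after: ", redirect_location(make_app(config, AFTER)))
```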
Comment by al zi, on 2014-09-30 05:52
Works perfectly, thanks
Comment by al zi, on 2014-10-06 07:57