Issue #44 resolved

Forceful scheme change to http after upgrade to 0.1

al zi
created an issue

Forcefully changes scheme from https:// to http:// while using apache as proxy in version 0.1

No such behavior in 0.0

How to reproduce:

    virtualenv --no-site-packages dist/v
    . dist/v/bin/activate
    pip install kallithea
    paster make-config Kallithea my.ini

  • changes in my.ini force_https = true

  • complete install and start

    paster setup-db my.ini --user=user --email=user@example.com --password=password --repos=/tmp
    paster serve my.ini &

  • set an apache as a proxy

    <VirtualHost *:443>
            ServerName code.local.dom
            ServerAlias code.local.dom
            <Proxy *>
              Order allow,deny
              Allow from all
            </Proxy>
            ProxyPreserveHost On
            ProxyPass / http://127.0.0.1:5000/
            ProxyPassReverse / http://127.0.0.1:5000/
            SetEnvIf X-Url-Scheme https HTTPS=1
            SSLEngine on
            SSLProtocol all -SSLv2
            SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
            SSLCertificateFile /etc/apache2/ssl.crt/star_com.crt
            SSLCertificateKeyFile /etc/apache2/ssl.key/star_com.key
    </VirtualHost>

  • start apache

  • firefox https://code.local.dom

  • try to login (will be redirected to http)

  • try to logout (will be redirected to http)

Comments (8)

  1. al zi reporter

    So, during login/logout it sends me "302 redirect found" and rewritten Location headers in 0.1

    While version 0.0 sends only "304 - not modified"

  2. Mads Kiilerich

    Hm. Right. There was a typo. Please confirm this fix:

    --- a/kallithea/config/middleware.py
    +++ b/kallithea/config/middleware.py
    @@ -92,7 +92,7 @@ def make_app(global_conf, full_stack=Tru
                 app = StatusCodeRedirect(app, [400, 401, 403, 404, 500])
    
         #enable https redirets based on HTTP_X_URL_SCHEME set by proxy
    -    if any(asbool(config.get(x)) for x in ['https_fixup', 'force_ssl', 'use_htsts']):
    +    if any(asbool(config.get(x)) for x in ['https_fixup', 'force_https', 'use_htsts']):
             app = HttpsFixup(app, config)
    
         # Establish the Registry for this application
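
    Review bot: The gate on the changed line still names its options as bare string literals, so a misspelled name ('force_ssl' here) is simply never truthy and HttpsFixup is skipped with no error or log line. Consider defining these option names once and sharing them with HttpsFixup, and adding a regression test that make_app with force_https = true returns an app wrapped in HttpsFixup. It is also worth confirming that 'use_htsts' is spelled the same way where the option is read and in the generated ini, and the context comment above the gate has a typo ('redirets').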
    

    As a workaround, you can also set https_fixup.
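
The effect of the gate typo discussed in this issue, as an added Python example that is not part of the thread and is not Kallithea's code. SchemeFixup, login_app, redirect_location and the gate_keys parameter are hypothetical simplified stand-ins, and the request mimics Apache proxying plain HTTP to the backend.

```python
# Added illustration; SchemeFixup is a simplified, hypothetical stand-in,
# not Kallithea's HttpsFixup.
from wsgiref.util import setup_testing_defaults

def asbool(value):
    """Minimal stand-in for paste's asbool: unset or unknown values are False."""
    return str(value).strip().lower() in ("true", "yes", "on", "1")

def login_app(environ, start_response):
    """Backend that redirects using whatever scheme the WSGI environ reports."""
    location = "%s://%s/" % (environ["wsgi.url_scheme"], environ["HTTP_HOST"])
    start_response("302 Found", [("Location", location)])
    return [b""]

class SchemeFixup:
    """Set wsgi.url_scheme to https when forced or when the proxy header says so."""
    def __init__(self, app, config):
        self.app, self.config = app, config

    def __call__(self, environ, start_response):
        forced = asbool(self.config.get("force_https"))
        if forced or environ.get("HTTP_X_URL_SCHEME") == "https":
            environ["wsgi.url_scheme"] = "https"
        return self.app(environ, start_response)

def make_app(config, gate_keys):
    """Wrap the app only if one of gate_keys is enabled, as in the patched line."""
    app = login_app
    if any(asbool(config.get(key)) for key in gate_keys):
        app = SchemeFixup(app, config)
    return app

def redirect_location(app):
    """Send one request the way the proxy does (plain HTTP to the backend)."""
    environ = {"HTTP_HOST": "code.local.dom"}
    setup_testing_defaults(environ)  # wsgi.url_scheme defaults to "http"
    captured = {}
    def start_response(status, headers):
        captured.update(headers)
    app(environ, start_response)
    return captured["Location"]

CONFIG = {"force_https": "true"}  # constructed, mirrors the my.ini change
BEFORE = ["https_fixup", "force_ssl", "use_htsts"]    # gate as shipped in 0.1
AFTER = ["https_fixup", "force_https", "use_htsts"]   # gate after the patch

if __name__ == "__main__":
    print("0.1 gate:    ", redirect_location(make_app(CONFIG, BEFORE)))
    print("patched gate:", redirect_location(make_app(CONFIG, AFTER)))
```

With the 0.1 gate the wrapper is never installed, so the redirect carries the backend's own http scheme even though force_https is set; adding https_fixup to the config gets past the old gate as well.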
