Redirect from HTTPS to HTTP on Comment Submit

Issue #740 invalid
Andrew Hamilton created an issue

If you navigate to a changeset using HTTPS, when you submit a comment, the server returns a 302 to http://<url>; rather than maintaining https://<url>;. This is a big problem on our server since we are not serving RhodeCode over HTTP, just HTTPS.

Comments (4)

  1. Marcin Kuzminski repo owner

    It uses standard pylons redirect method, if that fails to detect you're using HTTPS it redirects to HTTP, you can do two things, set force_https in .ini file (that will basically force https redirections) OR more proper way, set proper headers so RhodeCode can detect it's using https. Those headers used for detection of scheme are:

    HTTP_X_URL_SCHEME
    HTTP_X_FORWARDED_SCHEME
    HTTP_X_FORWARDED_PROTO
    

    in order how RhodeCode checks them

  2. Andrew Hamilton reporter

    Sorry, I missed that setting during the last upgrade. On that point, the last couple of times I've done an update, when I get to the step of

    paster make-config RhodeCode production.ini
    

    I only get two options: keep the config that I have or use the brand new with all of the default options set. Is there not a way to merge these two together? (Looks like I had force_https set before but I missed manually adding it back because I picked the new config option.)

  3. Marcin Kuzminski repo owner

    Unfortunetly the merging functionality for those ini files is really limited. You have to diff it yourself, or set the headers properly, and forget about that flag

  4. Log in to comment