| Message ID | 1381502850-20246-1-git-send-email-mricon@kernel.org |
|---|---|
| State | Accepted |
| Headers | show |
Hi Konstantin, > In situations where SSL is terminated at the load-balancer, we cannot > rely on guessing the scheme based on whether patchwork itself was > accessed via http or https, since the last-leg is always going to be > done over http. > > Unfortunately, wrongly using http:// URLs results in unusable > .pwclientrc files, since xmlrpc does not handle http->https redirects > and instead displays a traceback. > > This change introduces a FORCE_HTTPS_LINKS option, which forces > pwclientrc links to always return "https" regardless of how the project > itself is accessed. Great, thanks for the contribution. I've merged your patch. > It appears that the http/https check is currently only used for > generating pwclientrc -- a lot of other places seem to hardcode > "http://" and rely on the server to transparently upgrade the > connection. This is not a secure approach (it allows for MITM and > SSL-Strip attacks) and therefore all places currently hardcoding > http://{{site.domain}} and similar should be switched to using the > "sheme" variable, the same as done for generating pwclientrc files. Yep, I'd agree. I'll add this to my TODO (unless you beat me to it!) Cheers, Jeremy
diff --git a/apps/patchwork/views/base.py b/apps/patchwork/views/base.py index 82c0368..6b54a9b 100644 --- a/apps/patchwork/views/base.py +++ b/apps/patchwork/views/base.py @@ -42,7 +42,7 @@ def pwclientrc(request, project_id): project = get_object_or_404(Project, linkname = project_id) context = PatchworkRequestContext(request) context.project = project - if request.is_secure(): + if settings.FORCE_HTTPS_LINKS or request.is_secure(): context['scheme'] = 'https' else: context['scheme'] = 'http' diff --git a/apps/settings.py b/apps/settings.py index 537c380..43a37d8 100644 --- a/apps/settings.py +++ b/apps/settings.py @@ -114,6 +114,11 @@ ENABLE_XMLRPC = False # of patchwork COMPAT_REDIR = True +# Set to True to always generate https:// links instead of guessing +# the scheme based on current access. This is useful if SSL protocol +# is terminated upstream of the server (e.g. at the load balancer) +FORCE_HTTPS_LINKS = False + try: from local_settings import * except ImportError, ex:
In situations where SSL is terminated at the load-balancer, we cannot rely on guessing the scheme based on whether patchwork itself was accessed via http or https, since the last-leg is always going to be done over http. Unfortunately, wrongly using http:// URLs results in unusable .pwclientrc files, since xmlrpc does not handle http->https redirects and instead displays a traceback. This change introduces a FORCE_HTTPS_LINKS option, which forces pwclientrc links to always return "https" regardless of how the project itself is accessed. It appears that the http/https check is currently only used for generating pwclientrc -- a lot of other places seem to hardcode "http://" and rely on the server to transparently upgrade the connection. This is not a secure approach (it allows for MITM and SSL-Strip attacks) and therefore all places currently hardcoding http://{{site.domain}} and similar should be switched to using the "sheme" variable, the same as done for generating pwclientrc files. --- apps/patchwork/views/base.py | 2 +- apps/settings.py | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-)