From f77b7de90c0c5d41e8bed269625b16b98a180a72 Mon Sep 17 00:00:00 2001 From: Daniel Grams Date: Tue, 2 Mar 2021 11:52:47 +0100 Subject: [PATCH] Proxy handling #131 --- project/__init__.py | 8 ++++++++ project/reverse_proxied.py | 14 ++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 project/reverse_proxied.py diff --git a/project/__init__.py b/project/__init__.py index 4dea175..b3f3f1d 100644 --- a/project/__init__.py +++ b/project/__init__.py @@ -29,6 +29,14 @@ app.config["SECURITY_EMAIL_SENDER"] = os.getenv("MAIL_DEFAULT_SENDER") app.config["LANGUAGES"] = ["en", "de"] app.config["SERVER_NAME"] = os.getenv("SERVER_NAME") +# Proxy handling +if os.getenv("PREFERRED_URL_SCHEME"): # pragma: no cover + app.config["PREFERRED_URL_SCHEME"] = os.getenv("PREFERRED_URL_SCHEME") + +from project.reverse_proxied import ReverseProxied + +app.wsgi_app = ReverseProxied(app.wsgi_app) + # Generate a nice key using secrets.token_urlsafe() app.config["SECRET_KEY"] = os.environ.get( "SECRET_KEY", "pf9Wkove4IKEAXvy-cQkeDPhv9Cb3Ag-wyJILbq_dFw" diff --git a/project/reverse_proxied.py b/project/reverse_proxied.py new file mode 100644 index 0000000..c8b6be7 --- /dev/null +++ b/project/reverse_proxied.py @@ -0,0 +1,14 @@ +from project import app + + +class ReverseProxied(object): + def __init__(self, app): + self.app = app + + def __call__(self, environ, start_response): + # if one of x_forwarded or preferred_url is https, prefer it. + forwarded_scheme = environ.get("HTTP_X_FORWARDED_PROTO", None) + preferred_scheme = app.config.get("PREFERRED_URL_SCHEME", None) + if "https" in [forwarded_scheme, preferred_scheme]: # pragma: no cover + environ["wsgi.url_scheme"] = "https" + return self.app(environ, start_response)