Hotfix: Enforce https in heroku opensearch template

Heroku instances were using the base http url when formatting the
opensearch.xml template. This adds a new routing utility, "needs_https",
which can be used for determining if the url in question needs
upgrading.
main
Ben Busby 2021-01-23 14:50:30 -05:00
parent 5c69283e80
commit 329c38efb0
No known key found for this signature in database
GPG Key ID: 3B08611DF6E62ED2
2 changed files with 15 additions and 6 deletions


@ -66,11 +66,7 @@ def before_request_func():
app.user_elements.update({session['uuid']: 0})
# Handle https upgrade
https_only = os.getenv('HTTPS_ONLY', False)
is_heroku = request.url.endswith('.herokuapp.com')
is_http = request.url.startswith('http://')
if (is_heroku and is_http) or (https_only and is_http):
if needs_https(request.url):
return redirect(
request.url.replace('http://', 'https://', 1),
code=308)
@ -80,7 +76,7 @@ def before_request_func():
if not g.user_config.url:
g.user_config.url = request.url_root.replace(
'http://',
'https://') if https_only else request.url_root
'https://') if os.getenv('HTTPS_ONLY', False) else request.url_root
g.user_request = Request(
request.headers.get('User-Agent'),
@ -146,6 +142,10 @@ def opensearch():
if opensearch_url.endswith('/'):
opensearch_url = opensearch_url[:-1]
# Enforce https for opensearch template
if needs_https(opensearch_url):
opensearch_url = opensearch_url.replace('http://', 'https://', 1)
get_only = g.user_config.get_only or 'Chrome' in request.headers.get(
'User-Agent')
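Review bot: The `g.user_config.url` fallback in the second hunk still tests `os.getenv('HTTPS_ONLY', False)` directly instead of calling the new helper, so a Heroku instance without HTTPS_ONLY set keeps an `http://` root URL in its config while the redirect and the opensearch template are upgraded. The condition could become `if needs_https(request.url_root) else request.url_root`, paired with `replace('http://', 'https://', 1)` so that only the scheme is rewritten, as the other two call sites do. Because `request.url_root` ends in `/`, this only covers Heroku if the helper compares the hostname rather than the end of the whole URL. before_request_func starts and ends outside these hunks.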


@ -5,10 +5,19 @@ from bs4 import BeautifulSoup as bsoup
from cryptography.fernet import Fernet, InvalidToken
from flask import g
from typing import Any, Tuple
import os
TOR_BANNER = '<hr><h1 style="text-align: center">You are using Tor</h1><hr>'
def needs_https(url: str) -> bool:
https_only = os.getenv('HTTPS_ONLY', False)
is_heroku = url.endswith('.herokuapp.com')
is_http = url.startswith('http://')
return (is_heroku and is_http) or (https_only and is_http)
class RoutingUtils:
def __init__(self, request, config, session, cookies_disabled=False):
method = request.method
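Review bot: `url.endswith('.herokuapp.com')` in `needs_https` is applied to a whole URL, so it is false whenever a path, query or trailing slash follows the host. At the `needs_https(request.url)` call in before_request_func this likely means the Heroku redirect only fires when HTTPS_ONLY is set, and other requests stay on plaintext http. Comparing the parsed host avoids this: `host = urlparse(url).hostname or ''` then `is_heroku = host.endswith('.herokuapp.com')`, with `from urllib.parse import urlparse`. Separately, `os.getenv` returns a string, so `HTTPS_ONLY=0` or `false` still enables the upgrade, and the function can return that string rather than the annotated `bool`. Wrapping the result in `bool(...)` and adding a docstring that names the accepted values would make the contract explicit.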