From 329c38efb0d37fdd2cb5e2a9cbf072d53760e0f8 Mon Sep 17 00:00:00 2001
From: Ben Busby
Date: Sat, 23 Jan 2021 14:50:30 -0500
Subject: [PATCH] Hotfix: Enforce https in heroku opensearch template

Heroku instances were using the base http url when formatting the opensearch.xml template. This adds a new routing utility, "needs_https", which can be used for determining if the url in question needs upgrading.
---
 app/routes.py | 12 ++++++------
 app/utils/routing_utils.py | 9 +++++++++
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/app/routes.py b/app/routes.py
index d2d446c..b175d77 100644
--- a/app/routes.py
+++ b/app/routes.py
@@ -66,11 +66,7 @@ def before_request_func():
 app.user_elements.update({session['uuid']: 0}) # Handle https upgrade
- https_only = os.getenv('HTTPS_ONLY', False)
- is_heroku = request.url.endswith('.herokuapp.com')
- is_http = request.url.startswith('http://')
-
- if (is_heroku and is_http) or (https_only and is_http):
+ if needs_https(request.url):
 return redirect( request.url.replace('http://', 'https://', 1), code=308)
@@ -80,7 +76,7 @@ def before_request_func():
 if not g.user_config.url: g.user_config.url = request.url_root.replace( 'http://',
- 'https://') if https_only else request.url_root
+ 'https://') if os.getenv('HTTPS_ONLY', False) else request.url_root
 g.user_request = Request( request.headers.get('User-Agent'),
@@ -146,6 +142,10 @@ def opensearch():
 if opensearch_url.endswith('/'): opensearch_url = opensearch_url[:-1]
+ # Enforce https for opensearch template
+ if needs_https(opensearch_url):
+ opensearch_url = opensearch_url.replace('http://', 'https://', 1)
+
 get_only = g.user_config.get_only or 'Chrome' in request.headers.get( 'User-Agent')
diff --git a/app/utils/routing_utils.py b/app/utils/routing_utils.py
index 3822d48..55a6253 100644
--- a/app/utils/routing_utils.py
+++ b/app/utils/routing_utils.py
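Review bot: In the second `before_request_func` hunk (`@@ -80,7 +76,7 @@`), `os.getenv('HTTPS_ONLY', False)` returns a string whenever the variable is set, so values such as `0` or `false` still switch the upgrade on; the same lookup is repeated in `needs_https` in app/utils/routing_utils.py. If the variable is meant as an on/off flag, parse it once in a helper that both places use, and document which values count as enabled. This expression also keeps its own scheme rewrite without the `1` count that the other two call sites pass to `replace`, and it does not go through `needs_https`, so on a Heroku host without `HTTPS_ONLY` it appears to leave `g.user_config.url` on http. The function body continues outside the hunk.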
@@ -5,10 +5,19 @@ from bs4 import BeautifulSoup as bsoup
 from cryptography.fernet import Fernet, InvalidToken
 from flask import g
 from typing import Any, Tuple
+import os
 TOR_BANNER = '

You are using Tor


'
+def needs_https(url: str) -> bool:
+ https_only = os.getenv('HTTPS_ONLY', False)
+ is_heroku = url.endswith('.herokuapp.com')
+ is_http = url.startswith('http://')
+
+ return (is_heroku and is_http) or (https_only and is_http)
+
+
 class RoutingUtils:
 def __init__(self, request, config, session, cookies_disabled=False):
 method = request.method
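Review bot: `url.endswith('.herokuapp.com')` in `needs_https` tests the whole URL rather than the host, so it matches only when nothing follows the hostname. `before_request_func` passes `request.url`, which normally ends in at least `/`, so the Heroku upgrade there appears to fire only when `HTTPS_ONLY` is set, and the opensearch call works because its trailing slash is stripped first. Matching the parsed host removes that dependency: `is_heroku = (urlsplit(url).hostname or '').endswith('.herokuapp.com')`, with `from urllib.parse import urlsplit` added next to `import os`. The `-> bool` annotation is also not met when `HTTPS_ONLY` is set to an empty string (the expression returns `''`), so `return is_http and bool(is_heroku or https_only)` would be tighter, and a one-line docstring saying the helper reports whether a plain-http URL must be upgraded would help callers.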