Hotfix: Enforce https in heroku opensearch template
Heroku instances were using the base http url when formatting the opensearch.xml template. This adds a new routing utility, "needs_https", which can be used for determining if the url in question needs upgrading.main
parent
5c69283e80
commit
329c38efb0
|
@ -66,11 +66,7 @@ def before_request_func():
|
||||||
app.user_elements.update({session['uuid']: 0})
|
app.user_elements.update({session['uuid']: 0})
|
||||||
|
|
||||||
# Handle https upgrade
|
# Handle https upgrade
|
||||||
https_only = os.getenv('HTTPS_ONLY', False)
|
if needs_https(request.url):
|
||||||
is_heroku = request.url.endswith('.herokuapp.com')
|
|
||||||
is_http = request.url.startswith('http://')
|
|
||||||
|
|
||||||
if (is_heroku and is_http) or (https_only and is_http):
|
|
||||||
return redirect(
|
return redirect(
|
||||||
request.url.replace('http://', 'https://', 1),
|
request.url.replace('http://', 'https://', 1),
|
||||||
code=308)
|
code=308)
|
||||||
|
@ -80,7 +76,7 @@ def before_request_func():
|
||||||
if not g.user_config.url:
|
if not g.user_config.url:
|
||||||
g.user_config.url = request.url_root.replace(
|
g.user_config.url = request.url_root.replace(
|
||||||
'http://',
|
'http://',
|
||||||
'https://') if https_only else request.url_root
|
'https://') if os.getenv('HTTPS_ONLY', False) else request.url_root
|
||||||
|
|
||||||
g.user_request = Request(
|
g.user_request = Request(
|
||||||
request.headers.get('User-Agent'),
|
request.headers.get('User-Agent'),
|
||||||
|
@ -146,6 +142,10 @@ def opensearch():
|
||||||
if opensearch_url.endswith('/'):
|
if opensearch_url.endswith('/'):
|
||||||
opensearch_url = opensearch_url[:-1]
|
opensearch_url = opensearch_url[:-1]
|
||||||
|
|
||||||
|
# Enforce https for opensearch template
|
||||||
|
if needs_https(opensearch_url):
|
||||||
|
opensearch_url = opensearch_url.replace('http://', 'https://', 1)
|
||||||
|
|
||||||
get_only = g.user_config.get_only or 'Chrome' in request.headers.get(
|
get_only = g.user_config.get_only or 'Chrome' in request.headers.get(
|
||||||
'User-Agent')
|
'User-Agent')
|
||||||
|
|
||||||
|
|
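Review bot: In the second hunk the fallback for `g.user_config.url` now reads `os.getenv('HTTPS_ONLY', False)` inline, so the HTTPS decision lives in two places and this one still ignores the Heroku case that `needs_https` covers; that is presumably why `opensearch()` has to rewrite the scheme again afterwards. The variable is tested as a string, so any non-empty setting, including `HTTPS_ONLY=0`, enables the upgrade; a comment such as `# any non-empty HTTPS_ONLY value enables the upgrade` would make that explicit. This `replace('http://', 'https://')` also lacks the count of `1` that the redirect and the opensearch rewrite both pass. The body of before_request_func starts and ends outside these hunks.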
|
@ -5,10 +5,19 @@ from bs4 import BeautifulSoup as bsoup
|
||||||
from cryptography.fernet import Fernet, InvalidToken
|
from cryptography.fernet import Fernet, InvalidToken
|
||||||
from flask import g
|
from flask import g
|
||||||
from typing import Any, Tuple
|
from typing import Any, Tuple
|
||||||
|
import os
|
||||||
|
|
||||||
TOR_BANNER = '<hr><h1 style="text-align: center">You are using Tor</h1><hr>'
|
TOR_BANNER = '<hr><h1 style="text-align: center">You are using Tor</h1><hr>'
|
||||||
|
|
||||||
|
|
||||||
|
def needs_https(url: str) -> bool:
|
||||||
|
https_only = os.getenv('HTTPS_ONLY', False)
|
||||||
|
is_heroku = url.endswith('.herokuapp.com')
|
||||||
|
is_http = url.startswith('http://')
|
||||||
|
|
||||||
|
return (is_heroku and is_http) or (https_only and is_http)
|
||||||
|
|
||||||
|
|
||||||
class RoutingUtils:
|
class RoutingUtils:
|
||||||
def __init__(self, request, config, session, cookies_disabled=False):
|
def __init__(self, request, config, session, cookies_disabled=False):
|
||||||
method = request.method
|
method = request.method
|
||||||
|
|
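Review bot: `url.endswith('.herokuapp.com')` in `needs_https` tests the whole URL string rather than the host, so it is true only when the URL carries no port, path or query. The `request.url` passed from `before_request_func` normally has at least a trailing path, so the Heroku upgrade is likely skipped there and plain-HTTP requests are served without a redirect. It matches in `opensearch()` only because the trailing slash is stripped first. Parsing the URL and checking its hostname and scheme, as sketched below, covers both callers; it needs `urlparse` from `urllib.parse` imported next to `os`.

```python
def needs_https(url: str) -> bool:
    # … unchanged: https_only lookup …
    parsed = urlparse(url)
    is_heroku = (parsed.hostname or '').endswith('.herokuapp.com')
    is_http = parsed.scheme == 'http'

    return is_http and (is_heroku or bool(https_only))
```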