Fix heroku https upgrade, add funding options

Heroku app instances have been notoriously bad at having the instance
automatically upgraded to https. This adds a step in the before request
decorator to always upgrade heroku apps, since they're always deployed
with the certificate, but never configured to upgrade automatically.

Fixes 
main
Ben Busby 2020-12-05 15:51:06 -05:00
parent 54109874fb
commit 44a5da1895
No known key found for this signature in database
GPG Key ID: 3B08611DF6E62ED2
2 changed files with 13 additions and 2 deletions

9
.github/FUNDING.yml vendored Normal file
View File

@ -0,0 +1,9 @@
# These are supported funding model platforms
github: benbusby
ko_fi: benbusby
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

View File

@ -57,10 +57,12 @@ def before_request_func():
if session['uuid'] not in app.user_elements:
app.user_elements.update({session['uuid']: 0})
# Always redirect to https if HTTPS_ONLY is set (otherwise default to False)
# Handle https upgrade
https_only = os.getenv('HTTPS_ONLY', False)
is_heroku = request.url.endswith('.herokuapp.com')
is_http = request.url.startswith('http://')
if https_only and request.url.startswith('http://'):
if (is_heroku and is_http) or (https_only and is_http):
return redirect(request.url.replace('http://', 'https://', 1), code=308)
g.user_config = Config(**session['config'])