Fix incorrect redirect protocol used by Flask
Flask's `request.url` uses `http` as the protocol, which breaks instances that enforce `https`, since the session redirect relies on `request.url` for the follow-through URL. This introduces a new method for determining the correct URL to use for these redirects by automatically replacing the protocol with `https` if the `HTTPS_ONLY` env var is set for that instance. Fixes #538 Fixes #545
main
parent
0c5578937e
commit
6f5f3d8ca7
|
@ -14,7 +14,7 @@ from app.models.config import Config
|
||||||
from app.models.endpoint import Endpoint
|
from app.models.endpoint import Endpoint
|
||||||
from app.request import Request, TorError
|
from app.request import Request, TorError
|
||||||
from app.utils.bangs import resolve_bang
|
from app.utils.bangs import resolve_bang
|
||||||
from app.utils.misc import read_config_bool, get_client_ip
|
from app.utils.misc import read_config_bool, get_client_ip, get_request_url
|
||||||
from app.utils.results import add_ip_card
|
from app.utils.results import add_ip_card
|
||||||
from app.utils.results import bold_search_terms
|
from app.utils.results import bold_search_terms
|
||||||
from app.utils.search import *
|
from app.utils.search import *
|
||||||
|
@ -120,7 +120,7 @@ def before_request_func():
|
||||||
return redirect(url_for(
|
return redirect(url_for(
|
||||||
'session_check',
|
'session_check',
|
||||||
session_id=session['uuid'],
|
session_id=session['uuid'],
|
||||||
follow=request.url), code=307)
|
follow=get_request_url(request.url)), code=307)
|
||||||
else:
|
else:
|
||||||
g.user_config = Config(**session['config'])
|
g.user_config = Config(**session['config'])
|
||||||
elif 'cookies_disabled' not in request.args:
|
elif 'cookies_disabled' not in request.args:
|
||||||
|
@ -134,13 +134,11 @@ def before_request_func():
|
||||||
g.user_config = Config(**default_config)
|
g.user_config = Config(**default_config)
|
||||||
|
|
||||||
if not g.user_config.url:
|
if not g.user_config.url:
|
||||||
g.user_config.url = request.url_root.replace(
|
g.user_config.url = get_request_url(request.url_root)
|
||||||
'http://',
|
|
||||||
'https://') if os.getenv('HTTPS_ONLY', False) else request.url_root
|
|
||||||
|
|
||||||
g.user_request = Request(
|
g.user_request = Request(
|
||||||
request.headers.get('User-Agent'),
|
request.headers.get('User-Agent'),
|
||||||
request.url_root,
|
get_request_url(request.url_root),
|
||||||
config=g.user_config)
|
config=g.user_config)
|
||||||
|
|
||||||
g.app_location = g.user_config.url
|
g.app_location = g.user_config.url
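Review bot: The `follow` argument in the second hunk is still derived from `request.url`, which Flask assembles from the client-supplied Host header, so forcing the scheme to `https` does not constrain which host the follow-through redirect points at. The `session_check` handler is not visible on this page; if it redirects to `follow` unchecked, it should first confirm the value resolves to this instance's own origin. I would add a comment above the redirect such as `# follow comes from request.url (Host header is client-controlled); session_check must validate it before redirecting`. Honouring `X-Forwarded-Proto` from a trusted reverse proxy (for example via Werkzeug's `ProxyFix`) would also fix the scheme at the source rather than by string replacement. `before_request_func` starts and ends outside these hunks.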
|
||||||
|
|
|
@ -23,3 +23,10 @@ def get_client_ip(r: Request) -> str:
|
||||||
return r.environ['REMOTE_ADDR']
|
return r.environ['REMOTE_ADDR']
|
||||||
else:
|
else:
|
||||||
return r.environ['HTTP_X_FORWARDED_FOR']
|
return r.environ['HTTP_X_FORWARDED_FOR']
|
||||||
|
|
||||||
|
|
||||||
|
def get_request_url(url: str) -> str:
|
||||||
|
if os.getenv('HTTPS_ONLY', False):
|
||||||
|
return url.replace('http://', 'https://', 1)
|
||||||
|
|
||||||
|
return url
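Review bot: `os.getenv('HTTPS_ONLY', False)` in `get_request_url` returns a string whenever the variable is set, so `HTTPS_ONLY=0` or `HTTPS_ONLY=false` is truthy and still rewrites every URL to `https`. The routes file imports `read_config_bool` from this same module, so the check could presumably become `if read_config_bool('HTTPS_ONLY'):` (its signature is not shown here, so confirm it first). The function also has no docstring; I would add `"""Return url with its scheme forced to https when HTTPS_ONLY is enabled."""`. Whether `os` is imported in this module is not visible in the hunk.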
|
||||||
|
|