Changeset - c394a564ab71
beta
0 4 0
Marcin Kuzminski - 13 years ago 2013-02-10 20:35:35
marcin@python-works.com
make the HSTS (Strict-Transport-Security) headers optional, controlled by a setting stored in the .ini file.
also don't send them with DEBUG
4 files changed with 19 insertions and 5 deletions:
development.ini
 
@@ -63,13 +63,16 @@ static_files = true
 
lang = en
 
cache_dir = %(here)s/data
 
index_dir = %(here)s/data/index
 
app_instance_uuid = rc-develop
 
cut_off_limit = 256000
 
vcs_full_cache = True
 
# force https in RhodeCode, fixes https redirects, assumes it's always https
 
force_https = false
 
# use Strict-Transport-Security headers
 
use_htsts = false
 
commit_parse_limit = 25
 
# number of items displayed in lightweight dashboard before paginating
 
dashboard_items = 100
 
use_gravatar = true
 

	
 
## RSS feed options
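Review bot: The comment `# use Strict-Transport-Security headers` above `use_htsts` does not say when the header is sent or what policy it carries. Going by the `https_fixup.py` section of this commit, the header is added only to responses whose `wsgi.url_scheme` is `https`, is skipped when `debug` is on, and is fixed at `max-age=8640000; includeSubDomains`. Because `includeSubDomains` makes browsers require HTTPS for every subdomain of the host, an operator should see that before switching the option on. Suggested wording: `# send Strict-Transport-Security (HSTS) on https responses; ignored when debug = true; policy is max-age=8640000; includeSubDomains`. The same comment appears in `production.ini` and `rhodecode/config/deployment.ini_tmpl`.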
production.ini
 
@@ -63,13 +63,16 @@ static_files = true
 
lang = en
 
cache_dir = %(here)s/data
 
index_dir = %(here)s/data/index
 
app_instance_uuid = rc-production
 
cut_off_limit = 256000
 
vcs_full_cache = True
 
# force https in RhodeCode, fixes https redirects, assumes it's always https
 
force_https = false
 
# use Strict-Transport-Security headers
 
use_htsts = false
 
commit_parse_limit = 50
 
# number of items displayed in lightweight dashboard before paginating
 
dashboard_items = 100
 
use_gravatar = true
 

	
 
## RSS feed options
rhodecode/config/deployment.ini_tmpl
 
@@ -63,13 +63,16 @@ static_files = true
 
lang = en
 
cache_dir = %(here)s/data
 
index_dir = %(here)s/data/index
 
app_instance_uuid = ${app_instance_uuid}
 
cut_off_limit = 256000
 
vcs_full_cache = True
 
# force https in RhodeCode, fixes https redirects, assumes it's always https
 
force_https = false
 
# use Strict-Transport-Security headers
 
use_htsts = false
 
commit_parse_limit = 50
 
# number of items displayed in lightweight dashboard before paginating
 
dashboard_items = 100
 
use_gravatar = true
 

	
 
## RSS feed options
rhodecode/lib/middleware/https_fixup.py
 
@@ -32,17 +32,22 @@ class HttpsFixup(object):
 
    def __init__(self, app, config):
 
        self.application = app
 
        self.config = config
 

	
 
    def __call__(self, environ, start_response):
 
        self.__fixup(environ)
 
        req = Request(environ)
 
        resp = req.get_response(self.application)
 
        if environ['wsgi.url_scheme'] == 'https':
 
            resp.headers['Strict-Transport-Security'] = 'max-age=8640000; includeSubDomains'
 
        return resp(environ, start_response)
 
        debug = str2bool(self.config.get('debug'))
 
        if str2bool(self.config.get('use_htsts')) and not debug:
 
            req = Request(environ, self.application)
 
            resp = req.get_response(self.application)
 
            if environ['wsgi.url_scheme'] == 'https':
 
                resp.headers['Strict-Transport-Security'] = \
 
                    'max-age=8640000; includeSubDomains'
 
            return resp(environ, start_response)
 

	
 
        return self.application(environ, start_response)
 

	
 
    def __fixup(self, environ):
 
        """
 
        Function to fixup the environ as needed. In order to use this
 
        middleware you should set this header inside your
 
        proxy ie. nginx, apache etc.
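Review bot: The new `req = Request(environ, self.application)` in `__call__` passes the WSGI app as the second positional argument, where the earlier form on this page was `Request(environ)`. If `Request` is WebOb's (the import is outside this section), that position is not an application parameter, and `get_response(self.application)` on the next line already receives the app, so the call should stay `req = Request(environ)`. Separately, `debug` and `use_htsts` are parsed with `str2bool` on every request; computing the flag once in `__init__`, e.g. `self.use_hsts = str2bool(config.get('use_htsts')) and not str2bool(config.get('debug'))`, leaves a single attribute check on the request path. The docstring of `__fixup` continues past the end of this section.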