Files @ 43ad9c3b7d5d
Branch filter:

Location: kallithea/docs/usage/troubleshooting.rst

43ad9c3b7d5d 2.3 KiB text/prs.fallenstein.rst Show Annotation Show as Raw Download as Raw
Andrew Shadura
middleware: use secure cookies over secure connections

HTTP cookie spec defines secure cookies, which are transmitted only over secure
connections (HTTPS). Using them helps protect against some attacks, but cookies
shouldn't be made secure when we don't have HTTPS configured. As it is now, it's
left at user's discretion, but probably it's a good idea to force secure cookies
when they can be used.

In the current implementation, cookies are issued to users before they actually
try to log in, on the first page load. So if that happens over HTTPS, it's
probably safe to assume secure cookies can be used, and to default to normal
"insecure" cookies if HTTPS isn't available.

It's not easy to sneak into Beaker's internals, and it doesn't support selective
secureness, so we use our own wrapper around Beaker's SessionMiddleware class to
give secure cookies over HTTPS connections. Beaker's built-in mechanism for
secure cookies is forced to add the flag when needed only.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
.. _troubleshooting:


===============
Troubleshooting
===============

:Q: **Missing static files?**
:A: Make sure either to set the ``static_files = true`` in the .ini file or
   double check the root path for your http setup. It should point to
   for example:
   ``/home/my-virtual-python/lib/python2.7/site-packages/kallithea/public``

|

:Q: **Can't install celery/rabbitmq?**
:A: Don't worry. Kallithea works without them, too. No extra setup is required.
    Try out the great Celery docs for further help.

|

:Q: **Long lasting push timeouts?**
:A: Make sure you set a longer timeout in your proxy/fcgi settings. Timeouts
    are caused by the http server and not Kallithea.

|

:Q: **Large pushes timeouts?**
:A: Make sure you set a proper ``max_body_size`` for the http server. Very often
    Apache, Nginx, or other http servers kill the connection due to to large
    body.

|

:Q: **Apache doesn't pass basicAuth on pull/push?**
:A: Make sure you added ``WSGIPassAuthorization true``.

|

:Q: **Git fails on push/pull?**
:A: Make sure you're using a WSGI http server that can handle chunked encoding
    such as ``waitress`` or ``gunicorn``.

|

:Q: **How can I use hooks in Kallithea?**
:A: It's easy if they are Python hooks: just use advanced link in
    hooks section in Admin panel, that works only for Mercurial. If
    you want to use Git hooks, just install th proper one in the repository,
    e.g., create a file `/gitrepo/hooks/pre-receive`. You can also use
    Kallithea-extensions to connect to callback hooks, for both Git
    and Mercurial.

|

:Q: **Kallithea is slow for me, how can I make it faster?**
:A: See the :ref:`performance` section.

|

:Q: **UnicodeDecodeError on Apache mod_wsgi**
:A: Please read: https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/modwsgi/#if-you-get-a-unicodeencodeerror.

|

:Q: **Requests hanging on Windows**
:A: Please try out with disabled Antivirus software, there are some known problems with Eset Anitivirus. Make sure
    you have installed the latest Windows patches (especially KB2789397).


.. _virtualenv: http://pypi.python.org/pypi/virtualenv
.. _python: http://www.python.org/
.. _mercurial: http://mercurial.selenic.com/
.. _celery: http://celeryproject.org/
.. _rabbitmq: http://www.rabbitmq.com/
.. _python-ldap: http://www.python-ldap.org/
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.