# HG changeset patch # User Sylvain Thénault # Date 1485165741 -3600 # Node ID 4516c3956d46ac09e2c66d01324d55e996dca9a4 # Parent c9e6df20e5a45289a9046f9743192165b5a821ed Drop support for https-url in all-in-one.conf This feature allowing an instance to have both anonymous and authenticated (https) url is not used anymore, let's drop it. diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/devtools/fake.py --- a/cubicweb/devtools/fake.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/devtools/fake.py Mon Jan 23 11:02:21 2017 +0100 @@ -34,7 +34,6 @@ class FakeConfig(dict, BaseApptestConfiguration): translations = {} uiprops = {} - https_uiprops = {} apphome = None debugmode = False def __init__(self, appid='data', apphome=None, cubes=()): @@ -46,7 +45,6 @@ self['base-url'] = BASE_URL self['rql-cache-size'] = 3000 self.datadir_url = BASE_URL + 'data/' - self.https_datadir_url = (BASE_URL + 'data/').replace('http://', 'https://') def cubes(self, expand=False): return self._cubes @@ -69,7 +67,6 @@ def __init__(self, *args, **kwargs): if not (args or 'vreg' in kwargs): kwargs['vreg'] = FakeCWRegistryStore(FakeConfig(), initlog=False) - kwargs['https'] = False self._http_method = kwargs.pop('method', 'GET') self._url = kwargs.pop('url', None) if self._url is None: diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/etwist/request.py --- a/cubicweb/etwist/request.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/etwist/request.py Mon Jan 23 11:02:21 2017 +0100 @@ -26,10 +26,10 @@ """ from twisted .req to cubicweb .form req.files are put into .form[] """ - def __init__(self, req, vreg, https): + def __init__(self, req, vreg): self._twreq = req super(CubicWebTwistedRequestAdapter, self).__init__( - vreg, https, req.args, headers=req.received_headers) + vreg, req.args, headers=req.received_headers) for key, name_stream_list in req.files.items(): for name, stream in name_stream_list: if name is not None: diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/etwist/server.py --- a/cubicweb/etwist/server.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/etwist/server.py Mon Jan 23 11:02:21 2017 +0100 @@ -57,7 +57,6 @@ # checks done before daemonization (eg versions consistency) self.appli = CubicWebPublisher(repo, config) self.base_url = config['base-url'] - self.https_url = config['https-url'] global MAX_POST_LENGTH MAX_POST_LENGTH = config['max-post-length'] @@ -104,8 +103,6 @@ # reload modified files in debug mode if self.config.debugmode: self.config.uiprops.reload_if_needed() - if self.https_url: - self.config.https_uiprops.reload_if_needed() self.appli.vreg.reload_if_needed() if self.config['profile']: # default profiler don't trace threads return self.render_request(request) @@ -130,18 +127,11 @@ def _render_request(self, request): origpath = request.path host = request.host - # dual http/https access handling: expect a rewrite rule to prepend - # 'https' to the path to detect https access - https = False - if origpath.split('/', 2)[1] == 'https': - origpath = origpath[6:] - request.uri = request.uri[6:] - https = True if self.url_rewriter is not None: # XXX should occur before authentication? path = self.url_rewriter.rewrite(host, origpath, request) request.uri.replace(origpath, path, 1) - req = CubicWebTwistedRequestAdapter(request, self.appli.vreg, https) + req = CubicWebTwistedRequestAdapter(request, self.appli.vreg) try: ### Try to generate the actual request content content = self.appli.handle_request(req) diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/etwist/service.py --- a/cubicweb/etwist/service.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/etwist/service.py Mon Jan 23 11:02:21 2017 +0100 @@ -82,8 +82,7 @@ config.debugmode = False logger.info('starting cubicweb instance %s ', self.instance) config.info('clear ui caches') - for cachedir in ('uicache', 'uicachehttps'): - rm(join(config.appdatahome, cachedir, '*')) + rm(join(config.appdatahome, 'uicache', '*')) root_resource = CubicWebRootResource(config, config.repository()) website = server.Site(root_resource) # serve it via standard HTTP on port set in the configuration diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/pyramid/bwcompat.py --- a/cubicweb/pyramid/bwcompat.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/pyramid/bwcompat.py Mon Jan 23 11:02:21 2017 +0100 @@ -53,10 +53,6 @@ CubicWebPublisher.core_handle do """ - # XXX The main handler of CW forbid anonymous https connections - # I guess we can drop this "feature" but in doubt I leave this comment - # so we don't forget about it. (cdevienne) - req = request.cw_request vreg = request.registry['cubicweb.registry'] @@ -170,10 +166,6 @@ self.cwhandler = registry['cubicweb.handler'] def __call__(self, request): - if request.path.startswith('/https/'): - request.environ['PATH_INFO'] = request.environ['PATH_INFO'][6:] - assert not request.path.startswith('/https/') - request.scheme = 'https' try: response = self.handler(request) except httpexceptions.HTTPNotFound: diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/pyramid/core.py --- a/cubicweb/pyramid/core.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/pyramid/core.py Mon Jan 23 11:02:21 2017 +0100 @@ -126,12 +126,11 @@ self.path = request.upath_info vreg = request.registry['cubicweb.registry'] - https = request.scheme == 'https' post = request.params.mixed() headers_in = request.headers - super(CubicWebPyramidRequest, self).__init__(vreg, https, post, + super(CubicWebPyramidRequest, self).__init__(vreg, post, headers=headers_in) self.content = request.body_file_seekable @@ -157,9 +156,6 @@ else: self.form[param] = val - def is_secure(self): - return self._request.scheme == 'https' - def relative_path(self, includeparams=True): path = self._request.path[1:] if includeparams and self._request.query_string: diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/pyramid/test/__init__.py --- a/cubicweb/pyramid/test/__init__.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/pyramid/test/__init__.py Mon Jan 23 11:02:21 2017 +0100 @@ -11,10 +11,7 @@ @classmethod def init_config(cls, config): super(PyramidCWTest, cls).init_config(config) - config.global_set_option('https-url', 'https://localhost.local/') config.global_set_option('anonymous-user', 'anon') - config.https_uiprops = None - config.https_datadir_url = None def setUp(self): # Skip CubicWebTestTC setUp diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/pyramid/test/test_bw_request.py --- a/cubicweb/pyramid/test/test_bw_request.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/pyramid/test/test_bw_request.py Mon Jan 23 11:02:21 2017 +0100 @@ -33,24 +33,6 @@ self.assertEqual(b'some content', req.content.read()) - def test_http_scheme(self): - req = CubicWebPyramidRequest( - self.make_request('/', { - 'wsgi.url_scheme': 'http'})) - - self.assertFalse(req.https) - - def test_https_scheme(self): - req = CubicWebPyramidRequest( - self.make_request('/', { - 'wsgi.url_scheme': 'https'})) - - self.assertTrue(req.https) - - def test_https_prefix(self): - r = self.webapp.get('/https/') - self.assertIn('https://', r.text) - def test_big_content(self): content = b'x' * 100001 diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/req.py --- a/cubicweb/req.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/req.py Mon Jan 23 11:02:21 2017 +0100 @@ -278,9 +278,6 @@ parameters. Values are automatically URL quoted, and the publishing method to use may be specified or will be guessed. - if ``__secure__`` argument is True, the request will try to build a - https url. - raises :exc:`ValueError` if None is found in arguments """ # use *args since we don't want first argument to be "anonymous" to @@ -295,8 +292,10 @@ # not try to process it and directly call req.build_url() base_url = kwargs.pop('base_url', None) if base_url is None: - secure = kwargs.pop('__secure__', None) - base_url = self.base_url(secure=secure) + if kwargs.pop('__secure__', None) is not None: + warn('[3.25] __secure__ argument is deprecated', + DeprecationWarning, stacklevel=2) + base_url = self.base_url() path = self.build_url_path(method, kwargs) if not kwargs: return u'%s%s' % (base_url, path) @@ -502,13 +501,12 @@ raise ValueError(self._('can\'t parse %(value)r (expected %(format)s)') % {'value': value, 'format': format}) - def _base_url(self, secure=None): - if secure: - return self.vreg.config.get('https-url') or self.vreg.config['base-url'] - return self.vreg.config['base-url'] - - def base_url(self, secure=None): - """return the root url of the instance - """ - url = self._base_url(secure=secure) + def base_url(self, **kwargs): + """Return the root url of the instance.""" + secure = kwargs.pop('secure', None) + if secure is not None: + warn('[3.25] secure argument is deprecated', DeprecationWarning, stacklevel=2) + if kwargs: + raise TypeError('base_url got unexpected keyword arguments %s' % ', '.join(kwargs)) + url = self.vreg.config['base-url'] return url if url is None else url.rstrip('/') + '/' diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/sobjects/notification.py --- a/cubicweb/sobjects/notification.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/sobjects/notification.py Mon Jan 23 11:02:21 2017 +0100 @@ -187,7 +187,7 @@ kwargs.update({'user': self.user_data['login'], 'eid': entity.eid, 'etype': entity.dc_type(), - 'url': entity.absolute_url(__secure__=True), + 'url': entity.absolute_url(), 'title': entity.dc_long_title(),}) return kwargs diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/test/unittest_req.py --- a/cubicweb/test/unittest_req.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/test/unittest_req.py Mon Jan 23 11:02:21 2017 +0100 @@ -37,7 +37,7 @@ req = RequestSessionBase(None) req.from_controller = lambda: 'view' req.relative_path = lambda includeparams=True: None - req.base_url = lambda secure=None: 'http://testing.fr/cubicweb/' + req.base_url = lambda: 'http://testing.fr/cubicweb/' self.assertEqual(req.build_url(), u'http://testing.fr/cubicweb/view') self.assertEqual(req.build_url(None), u'http://testing.fr/cubicweb/view') self.assertEqual(req.build_url('one'), u'http://testing.fr/cubicweb/one') @@ -61,11 +61,15 @@ base_url = self.config['base-url'] with self.admin_access.repo_cnx() as session: self.assertEqual(session.base_url(), base_url) - assert 'https-url' not in self.config - self.assertEqual(session.base_url(secure=True), base_url) - secure_base_url = base_url.replace('http', 'https') - self.config.global_set_option('https-url', secure_base_url) - self.assertEqual(session.base_url(secure=True), secure_base_url) + + def test_secure_deprecated(self): + with self.admin_access.cnx() as cnx: + with self.assertWarns(DeprecationWarning): + cnx.base_url(secure=True) + with self.assertRaises(TypeError): + cnx.base_url(thing=42) + with self.assertWarns(DeprecationWarning): + cnx.build_url('ah', __secure__='whatever') def test_view_catch_ex(self): with self.admin_access.web_request() as req: diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/test/unittest_rset.py --- a/cubicweb/test/unittest_rset.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/test/unittest_rset.py Mon Jan 23 11:02:21 2017 +0100 @@ -119,17 +119,6 @@ # '%stask/title/go' % baseurl) # empty _restpath should not crash self.compare_urls(req.build_url('view', _restpath=''), baseurl) - self.assertNotIn('https', req.build_url('view', vid='foo', rql='yo', - __secure__=True)) - try: - self.config.global_set_option('https-url', 'https://testing.fr/') - self.assertTrue('https', req.build_url('view', vid='foo', rql='yo', - __secure__=True)) - self.compare_urls(req.build_url('view', vid='foo', rql='yo', - __secure__=True), - '%sview?vid=foo&rql=yo' % req.base_url(secure=True)) - finally: - self.config.global_set_option('https-url', None) def test_build(self): diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/web/application.py --- a/cubicweb/web/application.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/web/application.py Mon Jan 23 11:02:21 2017 +0100 @@ -125,8 +125,6 @@ """return a string giving the name of the cookie used to store the session identifier. """ - if req.https: - return '__%s_https_session' % self.vreg.config.appid return '__%s_session' % self.vreg.config.appid def get_session(self, req): @@ -158,7 +156,7 @@ def open_session(self, req): session = self.session_manager.open_session(req) sessioncookie = self.session_cookie(req) - secure = req.https and req.base_url().startswith('https://') + secure = req.base_url().startswith('https://') req.set_cookie(sessioncookie, session.sessionid, maxage=None, secure=secure, httponly=True) if not session.anonymous_session: @@ -334,27 +332,20 @@ content = self.redirect_handler(req, ex) # Wrong, absent or Reseted credential except AuthenticationError: - # If there is an https url configured and - # the request does not use https, redirect to login form - https_url = self.vreg.config['https-url'] - if https_url and req.base_url() != https_url: - req.status_out = http_client.SEE_OTHER - req.headers_out.setHeader('location', https_url + 'login') + # We assume here that in http auth mode the user *May* provide + # Authentification Credential if asked kindly. + if self.vreg.config['auth-mode'] == 'http': + req.status_out = http_client.UNAUTHORIZED + # In the other case (coky auth) we assume that there is no way + # for the user to provide them... + # XXX But WHY ? else: - # We assume here that in http auth mode the user *May* provide - # Authentification Credential if asked kindly. - if self.vreg.config['auth-mode'] == 'http': - req.status_out = http_client.UNAUTHORIZED - # In the other case (coky auth) we assume that there is no way - # for the user to provide them... - # XXX But WHY ? - else: - req.status_out = http_client.FORBIDDEN - # If previous error handling already generated a custom content - # do not overwrite it. This is used by LogOut Except - # XXX ensure we don't actually serve content - if not content: - content = self.need_login_content(req) + req.status_out = http_client.FORBIDDEN + # If previous error handling already generated a custom content + # do not overwrite it. This is used by LogOut Except + # XXX ensure we don't actually serve content + if not content: + content = self.need_login_content(req) assert isinstance(content, binary_type) return content diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/web/request.py --- a/cubicweb/web/request.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/web/request.py Mon Jan 23 11:02:21 2017 +0100 @@ -105,28 +105,19 @@ """ ajax_request = False # to be set to True by ajax controllers - def __init__(self, vreg, https=False, form=None, headers=None): + def __init__(self, vreg, form=None, headers=None): """ :vreg: Vregistry, - :https: boolean, s this a https request :form: Forms value :headers: dict, request header """ super(_CubicWebRequestBase, self).__init__(vreg) - #: (Boolean) Is this an https request. - self.https = https - #: User interface property (vary with https) (see :ref:`uiprops`) + #: User interface property (see :ref:`uiprops`) self.uiprops = None - #: url for serving datadir (vary with https) (see :ref:`resources`) + #: url for serving datadir (see :ref:`resources`) self.datadir_url = None - if https and vreg.config.https_uiprops is not None: - self.uiprops = vreg.config.https_uiprops - else: - self.uiprops = vreg.config.uiprops - if https and vreg.config.https_datadir_url is not None: - self.datadir_url = vreg.config.https_datadir_url - else: - self.datadir_url = vreg.config.datadir_url + self.uiprops = vreg.config.uiprops + self.datadir_url = vreg.config.datadir_url #: enable UStringIO's write tracing self.tracehtml = False if vreg.config.debugmode: @@ -179,22 +170,6 @@ self.ajax_request = value json_request = property(_get_json_request, _set_json_request) - def _base_url(self, secure=None): - """return the root url of the instance - - secure = False -> base-url - secure = None -> https-url if req.https - secure = True -> https if it exist - """ - if secure is None: - secure = self.https - base_url = None - if secure: - base_url = self.vreg.config.get('https-url') - if base_url is None: - base_url = super(_CubicWebRequestBase, self)._base_url() - return base_url - @property def authmode(self): """Authentification mode of the instance @@ -952,7 +927,7 @@ cnx = None session = None - def __init__(self, vreg, https=False, form=None, headers={}): + def __init__(self, vreg, form=None, headers={}): """""" self.vreg = vreg try: @@ -960,8 +935,7 @@ self.translations = vreg.config.translations except AttributeError: self.translations = {} - super(ConnectionCubicWebRequestBase, self).__init__(vreg, https=https, - form=form, headers=headers) + super(ConnectionCubicWebRequestBase, self).__init__(vreg, form=form, headers=headers) self.session = _MockAnonymousSession() self.cnx = self.user = _NeedAuthAccessMock() diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/web/test/unittest_request.py --- a/cubicweb/web/test/unittest_request.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/web/test/unittest_request.py Mon Jan 23 11:02:21 2017 +0100 @@ -71,28 +71,13 @@ class WebRequestTC(unittest.TestCase): - def test_base_url(self): - dummy_vreg = FakeCWRegistryStore(FakeConfig(), initlog=False) - dummy_vreg.config['base-url'] = 'http://babar.com/' - dummy_vreg.config['https-url'] = 'https://toto.com/' - - req = CubicWebRequestBase(dummy_vreg, https=False) - self.assertEqual('http://babar.com/', req.base_url()) - self.assertEqual('http://babar.com/', req.base_url(False)) - self.assertEqual('https://toto.com/', req.base_url(True)) - - req = CubicWebRequestBase(dummy_vreg, https=True) - self.assertEqual('https://toto.com/', req.base_url()) - self.assertEqual('http://babar.com/', req.base_url(False)) - self.assertEqual('https://toto.com/', req.base_url(True)) - def test_negotiated_language(self): vreg = FakeCWRegistryStore(FakeConfig(), initlog=False) vreg.config.translations = {'fr': (None, None), 'en': (None, None)} headers = { 'Accept-Language': 'fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3', } - req = CubicWebRequestBase(vreg, https=False, headers=headers) + req = CubicWebRequestBase(vreg, headers=headers) self.assertEqual(req.negotiated_language(), 'fr') def test_build_url_language_from_url(self): @@ -100,7 +85,7 @@ vreg.config['base-url'] = 'http://testing.fr/cubicweb/' vreg.config['language-mode'] = 'url-prefix' vreg.config.translations['fr'] = text_type, text_type - req = CubicWebRequestBase(vreg, https=False) + req = CubicWebRequestBase(vreg) # Override from_controller to avoid getting into relative_path method, # which is not implemented in CubicWebRequestBase. req.from_controller = lambda : 'not view' diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/web/views/basetemplates.py --- a/cubicweb/web/views/basetemplates.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/web/views/basetemplates.py Mon Jan 23 11:02:21 2017 +0100 @@ -474,7 +474,7 @@ url_args = {} if target and target != '/': url_args['postlogin_path'] = target - return self._cw.build_url('login', __secure__=True, **url_args) + return self._cw.build_url('login', **url_args) return super(BaseLogForm, self).form_action() diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/web/views/staticcontrollers.py --- a/cubicweb/web/views/staticcontrollers.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/web/views/staticcontrollers.py Mon Jan 23 11:02:21 2017 +0100 @@ -80,7 +80,6 @@ self._cw.set_header('last-modified', generateDateTime(os.stat(path).st_mtime)) if self._cw.is_client_cache_valid(): return '' - # XXX elif uri.startswith('/https/'): uri = uri[6:] mimetype, encoding = mimetypes.guess_type(path) if mimetype is None: mimetype = 'application/octet-stream' @@ -225,11 +224,7 @@ __regid__ = 'fckeditor' def publish(self, rset=None): - config = self._cw.vreg.config - if self._cw.https: - uiprops = config.https_uiprops - else: - uiprops = config.uiprops + uiprops = self._cw.vreg.config.uiprops relpath = self.relpath if relpath.startswith('fckeditor/'): relpath = relpath[len('fckeditor/'):] diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/web/webconfig.py --- a/cubicweb/web/webconfig.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/web/webconfig.py Mon Jan 23 11:02:21 2017 +0100 @@ -113,19 +113,6 @@ 'group': 'web', 'level': 3, }), # web configuration - ('https-url', - {'type' : 'string', - 'default': None, - 'help': 'web server root url on https. By specifying this option your '\ - 'site can be available as an http and https site. Authenticated users '\ - 'will in this case be authenticated and once done navigate through the '\ - 'https site. IMPORTANTE NOTE: to do this work, you should have your '\ - 'apache redirection include "https" as base url path so cubicweb can '\ - 'differentiate between http vs https access. For instance: \n'\ - 'RewriteRule ^/demo/(.*) http://127.0.0.1:8080/https/$1 [L,P]\n'\ - 'where the cubicweb web server is listening on port 8080.', - 'group': 'main', 'level': 3, - }), ('datadir-url', {'type': 'string', 'default': None, 'help': ('base url for static data, if different from "${base-url}/data/". ' @@ -269,9 +256,7 @@ def __init__(self, *args, **kwargs): super(WebConfiguration, self).__init__(*args, **kwargs) self.uiprops = None - self.https_uiprops = None self.datadir_url = None - self.https_datadir_url = None def fckeditor_installed(self): if self.uiprops is None: @@ -390,16 +375,8 @@ self.datadir_url += '/' if self.mode != 'test': self.datadir_url += '%s/' % self.instance_md5_version() - self.https_datadir_url = self.datadir_url return - httpsurl = self['https-url'] data_relpath = self.data_relpath() - if httpsurl: - if httpsurl[-1] != '/': - httpsurl += '/' - if not self.repairing: - self.global_set_option('https-url', httpsurl) - self.https_datadir_url = httpsurl + data_relpath self.datadir_url = baseurl + data_relpath def data_relpath(self): @@ -417,14 +394,6 @@ data=lambda x: self.datadir_url + x, datadir_url=self.datadir_url[:-1]) self._init_uiprops(self.uiprops) - if self['https-url']: - cachedir = join(self.appdatahome, 'uicachehttps') - self.check_writeable_uid_directory(cachedir) - self.https_uiprops = PropertySheet( - cachedir, - data=lambda x: self.https_datadir_url + x, - datadir_url=self.https_datadir_url[:-1]) - self._init_uiprops(self.https_uiprops) def _init_uiprops(self, uiprops): libuiprops = join(self.shared_dir(), 'data', 'uiprops.py') diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/wsgi/request.py --- a/cubicweb/wsgi/request.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/wsgi/request.py Mon Jan 23 11:02:21 2017 +0100 @@ -69,15 +69,10 @@ if k.startswith('HTTP_')) if 'CONTENT_TYPE' in environ: headers_in['Content-Type'] = environ['CONTENT_TYPE'] - https = self.is_secure() - if self.path.startswith('/https/'): - self.path = self.path[6:] - self.environ['PATH_INFO'] = self.path - https = True post, files = self.get_posted_data() - super(CubicWebWsgiRequest, self).__init__(vreg, https, post, + super(CubicWebWsgiRequest, self).__init__(vreg, post, headers= headers_in) self.content = environ['wsgi.input'] if files is not None: @@ -121,9 +116,6 @@ ## wsgi request helpers ################################################### - def is_secure(self): - return self.environ['wsgi.url_scheme'] == 'https' - def get_posted_data(self): # The WSGI spec says 'QUERY_STRING' may be absent. post = parse_qs(self.environ.get('QUERY_STRING', '')) diff -r c9e6df20e5a4 -r 4516c3956d46 cubicweb/wsgi/test/unittest_wsgi.py --- a/cubicweb/wsgi/test/unittest_wsgi.py Fri Jan 20 16:53:28 2017 +0100 +++ b/cubicweb/wsgi/test/unittest_wsgi.py Mon Jan 23 11:02:21 2017 +0100 @@ -27,30 +27,6 @@ self.assertEqual(b'some content', req.content.read()) - def test_http_scheme(self): - r = webtest.app.TestRequest.blank('/', { - 'wsgi.url_scheme': 'http'}) - - req = CubicWebWsgiRequest(r.environ, self.vreg) - - self.assertFalse(req.https) - - def test_https_scheme(self): - r = webtest.app.TestRequest.blank('/', { - 'wsgi.url_scheme': 'https'}) - - req = CubicWebWsgiRequest(r.environ, self.vreg) - - self.assertTrue(req.https) - - def test_https_prefix(self): - r = webtest.app.TestRequest.blank('/https/', { - 'wsgi.url_scheme': 'http'}) - - req = CubicWebWsgiRequest(r.environ, self.vreg) - - self.assertTrue(req.https) - def test_big_content(self): content = b'x'*100001 r = webtest.app.TestRequest.blank('/', { diff -r c9e6df20e5a4 -r 4516c3956d46 doc/book/admin/instance-config.rst --- a/doc/book/admin/instance-config.rst Fri Jan 20 16:53:28 2017 +0100 +++ b/doc/book/admin/instance-config.rst Mon Jan 23 11:02:21 2017 +0100 @@ -42,12 +42,9 @@ :`main.base-url`: url base site to be used to generate the urls of web pages -Https configuration -``````````````````` -It is possible to make a site accessible for anonymous http connections -and https for authenticated users. This requires to -use apache (for example) for redirection and the variable `main.https-url` -of configuration file. +Apache configuration +```````````````````` +It is possible to use apache (for example) as proxy. For this to work you have to activate the following apache modules : @@ -62,9 +59,8 @@ :Example: - For an apache redirection of a site accessible via `http://localhost/demo` - and `https://localhost/demo` and actually running on port 8080, it - takes to the http::: + For an apache redirection of a site accessible via `http://localhost/demo` while cubicweb is + actually running on port 8080::: ProxyPreserveHost On RewriteEngine On @@ -72,24 +68,11 @@ RewriteRule ^/demo$ /demo/ RewriteRule ^/demo/(.*) http://127.0.0.1:8080/$1 [L,P] - and for the https::: - - ProxyPreserveHost On - RewriteEngine On - RewriteCond %{REQUEST_URI} ^/ demo - RewriteRule ^/demo$/demo/ - RewriteRule ^/demo/(.*) http://127.0.0.1:8080/https/$1 [L,P] - and we will file in the all-in-one.conf of the instance::: base-url = http://localhost/demo - https-url = https://localhost/demo -Notice that if you simply want a site accessible through https, not *both* http -and https, simply set `base-url` to the https url and the first section into your -apache configuration (as you would have to do for an http configuration with an -apache front-end). Setting up the web client -------------------------