[pyramid] set waitress url_scheme to https when base-url scheme is https 3.25
authorPhilippe Pepiot <philippe.pepiot@logilab.fr>
Tue, 24 Oct 2017 09:50:29 +0200
changeset 12216 4de5927871f9
parent 12215 b9ffd3216187
child 12217 6ab1793f6f83
[pyramid] set waitress url_scheme to https when base-url scheme is https See https://docs.pylonsproject.org/projects/waitress/en/latest/#using-behind-a-reverse-proxy Since we do not configure trusted_proxy waitress ignore X-Forwarded-Proto header and may generate http urls (pyramid request.url) when the instance is behind a https reverse proxy. This cause cubicweb-signredrequest to not work with since it rely on the url (including scheme). Set url_scheme to 'https' when CubicWeb base-url scheme is https as a workaround.
--- a/cubicweb/pyramid/pyramidctl.py	Tue Oct 17 11:59:55 2017 +0200
+++ b/cubicweb/pyramid/pyramidctl.py	Tue Oct 24 09:50:29 2017 +0200
@@ -350,13 +350,15 @@
         host = cwconfig['interface']
         port = cwconfig['port'] or 8080
+        url_scheme = ('https' if cwconfig['base-url'].startswith('https')
+                      else 'http')
         repo = app.application.registry['cubicweb.repository']
             'the "pyramid" command does not start repository "looping tasks" '
             'anymore; use the standalone "scheduler" command if needed'
-            waitress.serve(app, host=host, port=port)
+            waitress.serve(app, host=host, port=port, url_scheme=url_scheme)
         if self._needreload: