[pyramid] set waitress url_scheme to https when base-url scheme is https
See https://docs.pylonsproject.org/projects/waitress/en/latest/#using-behind-a-reverse-proxy
Since we do not configure trusted_proxy, waitress ignores the X-Forwarded-Proto
header and may generate http urls (pyramid request.url) when the instance is
behind a https reverse proxy. This causes cubicweb-signedrequest to not work
since it relies on the url (including scheme).
Set url_scheme to 'https' when CubicWeb base-url scheme is https as a
workaround.
--- a/cubicweb/pyramid/pyramidctl.py Tue Oct 17 11:59:55 2017 +0200
+++ b/cubicweb/pyramid/pyramidctl.py Tue Oct 24 09:50:29 2017 +0200
@@ -350,13 +350,15 @@
host = cwconfig['interface']
port = cwconfig['port'] or 8080
+ url_scheme = ('https' if cwconfig['base-url'].startswith('https')
+ else 'http')
repo = app.application.registry['cubicweb.repository']
warnings.warn(
'the "pyramid" command does not start repository "looping tasks" '
'anymore; use the standalone "scheduler" command if needed'
)
try:
- waitress.serve(app, host=host, port=port)
+ waitress.serve(app, host=host, port=port, url_scheme=url_scheme)
finally:
repo.shutdown()
if self._needreload:
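Review bot: the scheme test on the added `url_scheme = ...` line is a prefix match, `cwconfig['base-url'].startswith('https')`, so any base-url value that merely begins with those five characters selects 'https', and a value written in a different case does not. Parsing the value and comparing the scheme exactly, for example `urlparse(cwconfig['base-url']).scheme == 'https'`, states the intent more precisely. Because the result is passed to `waitress.serve(...)` as a fixed `url_scheme`, request.url will report https for every request regardless of how it actually arrived; since the commit message calls this a workaround, a short comment above the assignment saying so, and noting that configuring trusted_proxy is the alternative, would help the next reader.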