From: Konstantin Ryabitsev
Date: Fri, 11 Oct 2013 14:47:30 +0000 (-0400)
Subject: Add a config option to FORCE_HTTPS_LINKS
X-Git-Url: http://git.ozlabs.org/?a=commitdiff_plain;h=0f62b0c1d9e35319c2f0386ac9ba1371e15dc9ec;hp=0f62b0c1d9e35319c2f0386ac9ba1371e15dc9ec;p=patchwork

Add a config option to FORCE_HTTPS_LINKS

In situations where SSL is terminated at the load-balancer, we cannot rely on guessing the scheme based on whether patchwork itself was accessed via http or https, since the last-leg is always going to be done over http. Unfortunately, wrongly using http:// URLs results in unusable .pwclientrc files, since xmlrpc does not handle http->https redirects and instead displays a traceback.

This change introduces a FORCE_HTTPS_LINKS option, which forces pwclientrc links to always return "https" regardless of how the project itself is accessed.

It appears that the http/https check is currently only used for generating pwclientrc -- a lot of other places seem to hardcode "http://" and rely on the server to transparently upgrade the connection. This is not a secure approach (it allows for MITM and SSL-Strip attacks) and therefore all places currently hardcoding http://{{site.domain}} and similar should be switched to using the "scheme" variable, the same as done for generating pwclientrc files.

Signed-off-by: Jeremy Kerr
---
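
The scheme selection and the hardcoded-link audit described in the commit message above, as an added Python example that is not part of the commit or of patchwork's code. The function names, the `force_https_links` parameter and the sample template are assumptions made for illustration.

```python
import re

# Matches a hardcoded http:// directly followed by a template variable,
# e.g. http://{{site.domain}}, the pattern the commit message calls out.
HARDCODED_HTTP = re.compile(r"http://\{\{\s*[\w.]+\s*\}\}")


def link_scheme(request_is_secure, force_https_links=False):
    """Pick the scheme for generated links.

    Behind a TLS-terminating load balancer request_is_secure is False even
    for HTTPS clients, so force_https_links (hypothetical parameter that
    models the FORCE_HTTPS_LINKS option) overrides the guess.
    """
    if force_https_links or request_is_secure:
        return "https"
    return "http"


def find_hardcoded_http(template_text):
    """Return (line_number, line) pairs that hardcode http:// before a variable."""
    return [
        (number, line.strip())
        for number, line in enumerate(template_text.splitlines(), start=1)
        if HARDCODED_HTTP.search(line)
    ]


def use_scheme_variable(template_text, variable="scheme"):
    """Rewrite hardcoded http://{{...}} links to use the scheme variable."""
    return HARDCODED_HTTP.sub(
        lambda m: "{{" + variable + "}}" + m.group(0)[len("http"):],
        template_text,
    )


# Constructed sample template, not taken from the patchwork source tree.
SAMPLE_TEMPLATE = """\
[options]
url = {{scheme}}://{{site.domain}}/xmlrpc/
See http://{{site.domain}}/project/ for details.
Confirm at http://{{ site.domain }}/confirm/
"""

if __name__ == "__main__":
    print(link_scheme(False), link_scheme(False, force_https_links=True))
    for number, line in find_hardcoded_http(SAMPLE_TEMPLATE):
        print(f"line {number}: {line}")
```
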