72 lines
2.6 KiB
Python
72 lines
2.6 KiB
Python
# -*- coding: utf-8 -*-
|
|
#
|
|
# Copyright © 2014 Red Hat, Inc.
|
|
#
|
|
# This copyrighted material is made available to anyone wishing to use,
|
|
# modify, copy, or redistribute it subject to the terms and conditions
|
|
# of the GNU General Public License v.2, or (at your option) any later
|
|
# version. This program is distributed in the hope that it will be
|
|
# useful, but WITHOUT ANY WARRANTY expressed or implied, including the
|
|
# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
# PURPOSE. See the GNU General Public License for more details. You
|
|
# should have received a copy of the GNU General Public License along
|
|
# with this program; if not, write to the Free Software Foundation,
|
|
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
#
|
|
# Any Red Hat trademarks that are incorporated in the source
|
|
# code or documentation are not subject to the GNU General Public
|
|
# License and may only be used or replicated with the express permission
|
|
# of Red Hat, Inc.
|
|
#
|
|
|
|
'''
|
|
Makes pagure an application behind a reverse proxy and thus ensure the
|
|
redirects are using ``https``.
|
|
|
|
Source: http://flask.pocoo.org/snippets/35/ by Peter Hansen
|
|
'''
|
|
|
|
|
|
class ReverseProxied(object): # pragma: no cover
|
|
'''Wrap the application in this middleware and configure the
|
|
front-end server to add these headers, to let you quietly bind
|
|
this to a URL other than / and to an HTTP scheme that is
|
|
different than what is used locally.
|
|
|
|
In nginx:
|
|
location /myprefix {
|
|
proxy_pass http://192.168.0.1:5001;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Scheme $scheme;
|
|
proxy_set_header X-Script-Name /myprefix;
|
|
}
|
|
In apache:
|
|
RequestHeader set X-Forwarded-Scheme https early
|
|
RequestHeader set X-Scheme https early
|
|
RequestHeader add X-Script-Name /myprefix early
|
|
RequestHeader set X-Forwarded-Proto https early
|
|
|
|
:param app: the WSGI application
|
|
'''
|
|
def __init__(self, app):
|
|
self.app = app
|
|
|
|
def __call__(self, environ, start_response):
|
|
script_name = environ.get('HTTP_X_SCRIPT_NAME', '')
|
|
if script_name:
|
|
environ['SCRIPT_NAME'] = script_name
|
|
path_info = environ['PATH_INFO']
|
|
if path_info.startswith(script_name):
|
|
environ['PATH_INFO'] = path_info[len(script_name):]
|
|
|
|
server = environ.get('HTTP_X_FORWARDED_HOST', '')
|
|
if server:
|
|
environ['HTTP_HOST'] = server
|
|
|
|
scheme = environ.get('HTTP_X_SCHEME', '')
|
|
if scheme:
|
|
environ['wsgi.url_scheme'] = scheme
|
|
|
|
return self.app(environ, start_response)
|