......@@ -26,9 +26,6 @@ from p2.lib.sentry import before_send
LOGGER = logging.getLogger(__name__)
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
......@@ -39,6 +36,9 @@ SECRET_KEY = CONFIG.get('secret_key',
DEBUG = CONFIG.get('debug')
CORS_ORIGIN_ALLOW_ALL = DEBUG
SECURE_SSL_REDIRECT = not DEBUG
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
ALLOWED_HOSTS = ['*']
INTERNAL_IPS = ['127.0.0.1']
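Review bot: `SECURE_PROXY_SSL_HEADER` makes Django treat any request carrying `X-Forwarded-Proto: https` as secure, and nothing visible here documents that the fronting proxy overwrites that header on every request. With `ALLOWED_HOSTS = ['*']` in the same block, a deployment where the app port is reachable directly would let a client set the header itself and skip the `SECURE_SSL_REDIRECT` redirect. I would add a comment above the setting such as `# Requires the reverse proxy to strip/overwrite X-Forwarded-Proto from clients; never expose the app port directly`. Separately, `not DEBUG` turns the redirect off whenever `CONFIG.get('debug')` is truthy, so a string value like `'false'` would disable it if the config layer does not coerce to bool; that is worth confirming.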
......
......@@ -53,5 +53,9 @@ class S3RoutingMiddleware:
request.user = user
# AWS Views don't have CSRF Tokens, hence we use csrf_exempt
setattr(request, '_dont_enforce_csrf_checks', True)
# GET and HEAD requests are allowed over http, everything else is redirect to https
if request.method in ['GET', 'HEAD']:
# Set SECURE_PROXY_SSL_HEADER so SecurityMiddleware doesn't return a 302
request.META['HTTP_X_FORWARDED_PROTO'] = 'https'
response = self.get_response(request)
return response
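Review bot: Overwriting `request.META['HTTP_X_FORWARDED_PROTO']` for GET and HEAD makes `request.is_secure()` and `request.scheme` report HTTPS for the rest of the request, not only for SecurityMiddleware, so later code can no longer tell that the request arrived in cleartext. If these are signature-authenticated S3 calls, admitting them over plain HTTP also exposes the authorization header or presigned query string and the object contents on the network path. If plain-HTTP reads are intended, I would record the real scheme before overwriting it, e.g. `request.plain_http = not request.is_secure()`, so views and logs can still distinguish the two cases. Django's `SECURE_REDIRECT_EXEMPT` is the supported way to skip the redirect, though it matches on path rather than method. The enclosing method starts outside this hunk, so the condition that selects S3 requests is not visible here.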
......@@ -88,6 +88,8 @@ class ServeRoutingMiddleware:
# save blob pk so we don't need to re-evaluate rules
cache.set(cache_key, blob.pk)
request.log(blob_pk=blob.pk)
# Since we don't use any extra views or URLs here, we don't have to
# trick SecurityMiddleware into not returning a 302
headers = blob.attributes.get(ATTR_BLOB_HEADERS, {})
response = BlobResponse(blob)
for header_key, header_value in headers.items():
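Review bot: The new comment says no workaround is needed but not why, and the reason looks security-relevant: `BlobResponse(blob)` is built here directly, so presumably this middleware answers the request before SecurityMiddleware runs and blobs are served over plain HTTP with no redirect. I would state that in the comment, e.g. `# This middleware answers the request itself, so SecurityMiddleware's HTTPS redirect never applies to served blobs`, after confirming the order in `MIDDLEWARE`. The loop over `headers.items()` continues outside the hunk.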
......