I submitted a ticket (#554) for this bug, with a proposed fix. But there is another bug underlying this function which affects detection of the request's url scheme. This decorator uses "request.scheme" to find out if the request was http or https, but in a reverse proxy configuration this is always set to "http" even if the original request was https.
The routes module (which provides url_for and redirect_to) actually has a better way of checking the request scheme by using the HTTP_X_FORWARDED_PROTO header (so it correctly creates fully qualified URLs even in proxy mode). Anyway, that is a separate issue that needs to be fixed in the middleware that sets the request.scheme and the environ ['wsgi.url_scheme'], because they should reflect the original request's scheme regardless if the app is served via proxying or embedding. On Jan 2, 7:26 pm, Philip Jenvey <[email protected]> wrote: > On Jan 1, 2009, at 6:23 PM, Tycon wrote: > > > > > This decorator is supposed to redirect HTTP GET requests to HTTPS. But > > guess what ? The query string in the request URI is lost, so the > > redirected (https) request will not have any request.params even if > > the original (http) request did..... > > I'm surprised nobody's noticed this bug yet, thanks for pointing it > out. We'll get it fixed for 0.9.7 final, though you should log a > ticket for it anyway, as we're really good at forgetting about bugs > that aren't. > > A patch would be great -- there is an @https test also, which > obviously also needs attention. > > -- > Philip Jenvey --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
