On Jan 2, 2009, at 9:45 PM, Tycon wrote:
I submitted a ticket (#554) for this bug, with a proposed fix.But there is another bug underlying this function which affects detection of the request's url scheme. This decorator uses "request.scheme" to find out if the request was http or https, but in a reverse proxy configuration this is always set to "http" even if the original request was https.
That's not a bug. In a reverse proxy you should be using the PrefixMiddleware which fixes up the WSGI environ based on headers that your proxy should set, like X_FORWARDED_FOR, etc.
The routes module (which provides url_for and redirect_to) actually has a better way of checking the request scheme by using the HTTP_X_FORWARDED_PROTO header (so it correctly creates fully qualified URLs even in proxy mode).
This will likely be removed in favor of using middleware as appropriate to fix the environ settings based on the deployment environment.
Cheers, Ben
smime.p7s
Description: S/MIME cryptographic signature
