Re: Forcing JSON responses to use https URLs?

2011-09-17 Thread Christian Hammond
On Sat, Sep 17, 2011 at 1:07 PM, Leander Hasty wrote:

> On Sat, Sep 17, 2011 at 2:40 PM, Christian Hammond 
> wrote:
> > [...] We tell Django to
> > build the URLs, and it checks whether HTTPS is used based on the "HTTPS"
> > environment variable. Maybe there's something you could do there to fake
> > that variable, set it to 1?
>
> I need to narrow it down a bit, some of this seems redundant, but I
> think this fixed it:
>
> 1.) SetEnv HTTPS on   # in the associated apache config file
>
> 2.) os.environ['HTTPS'] = 'on'   # in settings_local.py (probably too
> late?)
>
> 3.) a django patch to handlers/modpython.py to remove the
> ModPythonRequest class is_secure() method "try" clause, after noticing
> http://www.mail-archive.com/django-users@googlegroups.com/msg55312.html
>
> When I've narrowed it down a bit more I'll try to post a quick reply.
> I'm also sure my temporary patch to django will get overwritten on the
> next system update, so I probably need to investigate better ways of
> accomplishing the same result (and even if it's really necessary).
>

Glad some combination of those are working :)


>
> Thanks for the lead.
>

No prob, glad it was helpful :)


>
> And it seems congratulations are in order for VMware Workstation 8.  =)
>

Thanks!

Christian

-- 
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com

-- 
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~--~~~~--~~--~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Re: Forcing JSON responses to use https URLs?

2011-09-17 Thread Leander Hasty
On Sat, Sep 17, 2011 at 2:40 PM, Christian Hammond  wrote:
> [...] We tell Django to
> build the URLs, and it checks whether HTTPS is used based on the "HTTPS"
> environment variable. Maybe there's something you could do there to fake
> that variable, set it to 1?

I need to narrow it down a bit, some of this seems redundant, but I
think this fixed it:

1.) SetEnv HTTPS on   # in the associated apache config file

2.) os.environ['HTTPS'] = 'on'   # in settings_local.py (probably too late?)

3.) a django patch to handlers/modpython.py to remove the
ModPythonRequest class is_secure() method "try" clause, after noticing
http://www.mail-archive.com/django-users@googlegroups.com/msg55312.html

When I've narrowed it down a bit more I'll try to post a quick reply.
I'm also sure my temporary patch to django will get overwritten on the
next system update, so I probably need to investigate better ways of
accomplishing the same result (and even if it's really necessary).

Thanks for the lead.

And it seems congratulations are in order for VMware Workstation 8.  =)

-- 
Leander
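
Added example, not part of the original messages and not Review Board or Django code: one way to get the effect of steps 1-3 above without patching Django, assuming a WSGI deployment and that the www.example.com proxy sets an X-Forwarded-Proto header. The addresses, TRUSTED_PROXIES and the links_app stand-in are constructed for the illustration.

```python
# Added example; addresses and names below are constructed assumptions.
TRUSTED_PROXIES = {"192.0.2.10"}  # hypothetical address of the HTTPS front end


class ProxySchemeMiddleware:
    """Mark requests relayed by the TLS-terminating proxy as HTTPS."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = frozenset(trusted)

    def __call__(self, environ, start_response):
        peer = environ.get("REMOTE_ADDR")
        # Always consume the header so the application never sees a raw,
        # client-controlled value.
        proto = environ.pop("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        # Honour it only when the direct peer is the proxy; otherwise a
        # cleartext request could get itself treated as secure.
        if peer in self.trusted and proto == "https":
            environ["wsgi.url_scheme"] = "https"
            environ["HTTPS"] = "on"
        return self.app(environ, start_response)


def absolute_uri(environ, path):
    """Model of a framework building a link from the request environment."""
    return "%s://%s%s" % (environ["wsgi.url_scheme"], environ["HTTP_HOST"], path)


def links_app(environ, start_response):
    """Stand-in for the API view: returns one link as the response body."""
    body = absolute_uri(environ, "/rb/api/review-requests/2819/reviews/draft/")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body.encode()]


def request(app, remote_addr, forwarded_proto=None):
    """Drive the WSGI app with a constructed environ and return the body."""
    environ = {"REQUEST_METHOD": "GET", "wsgi.url_scheme": "http",
               "HTTP_HOST": "www.example.com", "REMOTE_ADDR": remote_addr}
    if forwarded_proto:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    return b"".join(app(environ, lambda status, headers: None)).decode()


app = ProxySchemeMiddleware(links_app)

if __name__ == "__main__":
    print(request(app, "192.0.2.10", "https"))    # relayed by the proxy
    print(request(app, "198.51.100.7", "https"))  # header from an untrusted peer
```

Requests that do not arrive from the proxy address, such as internal users hitting rb.example.com directly, keep getting http links.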



Re: Forcing JSON responses to use https URLs?

2011-09-17 Thread Christian Hammond
Hi Leander,

The problem is that the internal site isn't using HTTPS. We tell Django to
build the URLs, and it checks whether HTTPS is used based on the "HTTPS"
environment variable. Maybe there's something you could do there to fake
that variable, set it to 1?

Christian


On Friday, September 16, 2011, Leander  wrote:
> We recently migrated to 1.6, and our hacky ProxyPass solution for
> getting offsite access to our internal RB server stopped working.
>
> (Scrubbing domain names in the following to protect the innocent, not
> that it would be hard to figure out, heh.)
>
> As a bit of background, we have a rb.example.com internal site, which
> is HTTP-only; there's an external www.example.com which is HTTPS-only.
>
> The apache config on the www.example.com server looks as follows:
>
>  SSLProxyEngine on
>  
>AuthType Basic
>AuthName "ldap"
>Require group internal external
>Allow from All
>ProxyPass http://rb.example.com/rb/
>ProxyPassReverse http://rb.example.com/rb/
>ProxyPassReverse http://www.example.com/rb/
>ProxyPassReverseCookieDomain rb.example.com www.example.com
>  
>
> RB's Admin -> Settings -> General -> Site Settings -> Server is set to
> "https://www.example.com", and for the heck of it I added a:
>
>  DOMAIN_METHOD = 'https'
>
> ...to the settings_local.py (and verified that the corresponding .pyc
> updated as of next reload).
>
> Most of the site works, but not all.  Looking at firebug, when I
> attempt to post a review or add a comment, I get e.g.:
>
>  GET https://www.example.com/rb/api/review-requests/2819/?api_format=json
>
> ...with a response that includes a review_request.links full of http
> URLs (instead of the desired https URLs).  "Show Details" on the
> server error confirms that it was trying to use http and not https:
>
>  Request URL: http://www.example.com/rb/api/review-requests/2819/reviews/draft/
>
> ProxyPassReverse obviously isn't scrubbing the json responses (it's
> not supposed to, based on my understanding of the mod_proxy docs, it
> only hits headers).
>
> Anything I can do to force json responses to use the https protocol in
> their URLs?
>

-- 
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com


Forcing JSON responses to use https URLs?

2011-09-16 Thread Leander
We recently migrated to 1.6, and our hacky ProxyPass solution for
getting offsite access to our internal RB server stopped working.

(Scrubbing domain names in the following to protect the innocent, not
that it would be hard to figure out, heh.)

As a bit of background, we have a rb.example.com internal site, which
is HTTP-only; there's an external www.example.com which is HTTPS-only.

The apache config on the www.example.com server looks as follows:

  SSLProxyEngine on
  
AuthType Basic
AuthName "ldap"
Require group internal external
Allow from All
ProxyPass http://rb.example.com/rb/
ProxyPassReverse http://rb.example.com/rb/
ProxyPassReverse http://www.example.com/rb/
ProxyPassReverseCookieDomain rb.example.com www.example.com
  

RB's Admin -> Settings -> General -> Site Settings -> Server is set to
"https://www.example.com", and for the heck of it I added a:

  DOMAIN_METHOD = 'https'

...to the settings_local.py (and verified that the corresponding .pyc
updated as of next reload).

Most of the site works, but not all.  Looking at firebug, when I
attempt to post a review or add a comment, I get e.g.:

  GET https://www.example.com/rb/api/review-requests/2819/?api_format=json

...with a response that includes a review_request.links full of http
URLs (instead of the desired https URLs).  "Show Details" on the
server error confirms that it was trying to use http and not https:

  Request URL: http://www.example.com/rb/api/review-requests/2819/reviews/draft/

ProxyPassReverse obviously isn't scrubbing the json responses (it's
not supposed to, based on my understanding of the mod_proxy docs, it
only hits headers).

Anything I can do to force json responses to use the https protocol in
their URLs?
