The redirection is created using the protocol that has been used to
fetch the request.
As APACHE is probably fetching the answer from Paste using HTTP and
not HTTPS you get the redirection as HTTP.
You should add to your application a middleware that does something like:
environ['wsgi.url_scheme'] = environ.get('HTTP_X_URL_SCHEME', 'http')
or
if environ['HTTP_X_PROXY_HOST'].split(':')[1] == '443':
environ['wsgi.url_scheme'] = 'https'
depending on which headers apache is setting on proxy.
The point is that you have to detect if the original request was HTTPS
or not and set url_scheme accordingly.
On Mon, May 21, 2012 at 3:19 PM, Moritz Schlarb <[email protected]> wrote:
> I was sure I had already read something about that error, but I'm unable to
> find it...
>
> I wanted to deploy a development version of my application on another port
> at the Apache proxy frontend.
>
> So I added a https-only VirtualHost on Port 8088 and configured the
> ProxyPass directives accordingly.
> It works, but on some point I get redirected to the login page and then the
> protocol does not preserve the https.
>
> curl gives me this:
>
> $ curl -I https://sauce.zdv.uni-mainz.de:8088/events/eip12/lessons/2
> HTTP/1.1 302 Found
> Date: Mon, 21 May 2012 13:18:02 GMT
> Server: PasteWSGIServer/0.5 Python/2.7.2+
> Content-Type: text/html; charset=UTF-8
> Location:
> http://sauce.zdv.uni-mainz.de:8088/login?came_from=http%3A%2F%2Fsauce.zdv.uni-mainz.de%3A8088%2Fevents%2Feip12%2Flessons%2F2
> Set-Cookie:
> webflash=%7B%22status%22%3A%20%22warning%22%2C%20%22message%22%3A%20%22You%20have%20no%20permission%20to%20manage%20Lessons%20for%20this%20Event%22%7D;
> Path=/
> Vary: Accept-Encoding
>
> You see, the redirection goes to plain http.
> (I've checked, the issue also occurs when I get redirected to the login page
> on the normal instance, but since I do a redirection to the https protocol
> in Apache, it is not bad there.)
>
> How can I make repoze.who redirect to the correct protocol?
>
> Cheers,
> Moritz
>
> --
> You received this message because you are subscribed to the Google Groups
> "TurboGears" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/turbogears/-/x6RRuAtVH8oJ.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/turbogears?hl=en.
--
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en.
