Sadly, the issue reappeared, out of nowhere... But not at the point where repoze.what-1.0.9 redirects you to the login page, but on the login_handler page from repoze.who-1.0.19 ...
$ curl -v -d 'username=user&password=pass' https://sauce.zdv.uni-mainz.de:8088/login_handler > POST /login_handler HTTP/1.1 > User-Agent: curl/7.24.0 (x86_64-pc-linux-gnu) libcurl/7.24.0 GnuTLS/2.12.18 zlib/1.2.5 > Host: sauce.zdv.uni-mainz.de:8088 > Accept: */* > Content-Length: 42 > Content-Type: application/x-www-form-urlencoded > * upload completely sent off: 42 out of 42 bytes < HTTP/1.1 302 Found < Date: Thu, 31 May 2012 20:17:50 GMT < Server: PasteWSGIServer/0.5 Python/2.7.2+ < Location: http://sauce.zdv.uni-mainz.de:8088/post_login?__logins=0 < Content-Length: 295 < Content-Type: text/html; charset=UTF-8 < Vary: Accept-Encoding < <html> <head> <title>302 Found</title> </head> <body> <h1>302 Found</h1> The resource was found at <a href="http://sauce.zdv.uni-mainz.de:8088/post_login?__logins=0";>http://sauce.zdv.uni-mainz.de:8088/post_login?__logins=0</a>; you should be redirected automatically. </body> </html> I change nothing on the settings regarding the wsgi.url_scheme... Any ideas? Am Montag, 21. Mai 2012 23:34:09 UTC+2 schrieb Moritz Schlarb: > > Thanks, Alessandro, > > For future references, I'd like to add, that you have to tell the proxying > Apache to set that header. > Therefore add the following line to the Apache proxy config: > > RequestHeader set X_URL_SCHEME https > > Then you can use > > environ['wsgi.url_scheme'] = environ.get('HTTP_X_URL_SCHEME', 'http') > > Cheers, > Moritz > > Am Montag, 21. Mai 2012 16:11:55 UTC+2 schrieb Alessandro Molina: >> >> The redirection is created using the protocol that has been used to >> fetch the request. >> As APACHE is probably fetching the answer from Paste using HTTP and >> not HTTPS you get the redirection as HTTP. >> >> You should add to your application a middleware that does something like: >> >> environ['wsgi.url_scheme'] = environ.get('HTTP_X_URL_SCHEME', >> 'http') >> or >> if environ['HTTP_X_PROXY_HOST'].split(':')[1] == '443': >> environ['wsgi.url_scheme'] = 'https' >> >> depending on which headers apache is setting on proxy. >> The point is that you have to detect if the original request was HTTPS >> or not and set url_scheme accordingly. >> >> On Mon, May 21, 2012 at 3:19 PM, Moritz Schlarb wrote: >> > I was sure I had already read something about that error, but I'm >> unable to >> > find it... >> > >> > I wanted to deploy a development version of my application on another >> port >> > at the Apache proxy frontend. >> > >> > So I added a https-only VirtualHost on Port 8088 and configured the >> > ProxyPass directives accordingly. >> > It works, but on some point I get redirected to the login page and then >> the >> > protocol does not preserve the https. >> > >> > curl gives me this: >> > >> > $ curl -I https://sauce.zdv.uni-mainz.de:8088/events/eip12/lessons/2 >> > HTTP/1.1 302 Found >> > Date: Mon, 21 May 2012 13:18:02 GMT >> > Server: PasteWSGIServer/0.5 Python/2.7.2+ >> > Content-Type: text/html; charset=UTF-8 >> > Location: >> > >> http://sauce.zdv.uni-mainz.de:8088/login?came_from=http%3A%2F%2Fsauce.zdv.uni-mainz.de%3A8088%2Fevents%2Feip12%2Flessons%2F2 >> >> > Set-Cookie: >> > >> webflash=%7B%22status%22%3A%20%22warning%22%2C%20%22message%22%3A%20%22You%20have%20no%20permission%20to%20manage%20Lessons%20for%20this%20Event%22%7D; >> >> >> > Path=/ >> > Vary: Accept-Encoding >> > >> > You see, the redirection goes to plain http. >> > (I've checked, the issue also occurs when I get redirected to the login >> page >> > on the normal instance, but since I do a redirection to the https >> protocol >> > in Apache, it is not bad there.) >> > >> > How can I make repoze.who redirect to the correct protocol? >> > >> > Cheers, >> > Moritz >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups >> > "TurboGears" group. >> > To view this discussion on the web visit >> > https://groups.google.com/d/msg/turbogears/-/x6RRuAtVH8oJ. >> > To post to this group, send email to [email protected]. >> > To unsubscribe from this group, send email to >> > [email protected]. >> > For more options, visit this group at >> > http://groups.google.com/group/turbogears?hl=en. >> > -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To view this discussion on the web visit https://groups.google.com/d/msg/turbogears/-/Ic-IXyVz3wMJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/turbogears?hl=en.
