Hm, could it be that setting environ['wsgi.url_scheme'] in BaseController is too late for repoze.who?
So that I would have to create a Middleware that is inserted above repoze.who in the request stack... Am Donnerstag, 31. Mai 2012 23:07:13 UTC+2 schrieb Alessandro Molina: > > That is strange as repoze.who.friendlyform uses webob.path_url to > generate the redirect and req.path_url uses wsgi.url_scheme to create > the ending url. > So it should behave exactly like the other redirects. > > Try to place a middleware around your application to print out the > value of req.path_url just before the redirect is built, it might be > helpful to understand what is happening. > > On Thu, May 31, 2012 at 10:21 PM, Moritz Schlarb <[email protected]> > wrote: > > Sadly, the issue reappeared, out of nowhere... > > > > But not at the point where repoze.what-1.0.9 redirects you to the login > > page, but on the login_handler page from repoze.who-1.0.19 ... > > > > $ curl -v -d 'username=user&password=pass' > > https://sauce.zdv.uni-mainz.de:8088/login_handler > > > >> POST /login_handler HTTP/1.1 > >> User-Agent: curl/7.24.0 (x86_64-pc-linux-gnu) libcurl/7.24.0 > >> GnuTLS/2.12.18 zlib/1.2.5 > >> Host: sauce.zdv.uni-mainz.de:8088 > >> Accept: */* > >> Content-Length: 42 > >> Content-Type: application/x-www-form-urlencoded > >> > > * upload completely sent off: 42 out of 42 bytes > > < HTTP/1.1 302 Found > > < Date: Thu, 31 May 2012 20:17:50 GMT > > < Server: PasteWSGIServer/0.5 Python/2.7.2+ > > < Location: http://sauce.zdv.uni-mainz.de:8088/post_login?__logins=0 > > < Content-Length: 295 > > < Content-Type: text/html; charset=UTF-8 > > < Vary: Accept-Encoding > > < > > <html> > > <head> > > <title>302 Found</title> > > </head> > > <body> > > <h1>302 Found</h1> > > The resource was found at <a > > href="http://sauce.zdv.uni-mainz.de:8088/post_login?__logins=0";> > http://sauce.zdv.uni-mainz.de:8088/post_login?__logins=0</a>; > > you should be redirected automatically. > > > > > > </body> > > </html> > > > > I change nothing on the settings regarding the wsgi.url_scheme... > > > > Any ideas? > > > > Am Montag, 21. Mai 2012 23:34:09 UTC+2 schrieb Moritz Schlarb: > >> > >> Thanks, Alessandro, > >> > >> For future references, I'd like to add, that you have to tell the > proxying > >> Apache to set that header. > >> Therefore add the following line to the Apache proxy config: > >> > >> RequestHeader set X_URL_SCHEME https > >> > >> Then you can use > >> > >> environ['wsgi.url_scheme'] = environ.get('HTTP_X_URL_SCHEME', 'http') > >> > >> Cheers, > >> Moritz > >> > >> Am Montag, 21. Mai 2012 16:11:55 UTC+2 schrieb Alessandro Molina: > >>> > >>> The redirection is created using the protocol that has been used to > >>> fetch the request. > >>> As APACHE is probably fetching the answer from Paste using HTTP and > >>> not HTTPS you get the redirection as HTTP. > >>> > >>> You should add to your application a middleware that does something > like: > >>> > >>> environ['wsgi.url_scheme'] = environ.get('HTTP_X_URL_SCHEME', > >>> 'http') > >>> or > >>> if environ['HTTP_X_PROXY_HOST'].split(':')[1] == '443': > >>> environ['wsgi.url_scheme'] = 'https' > >>> > >>> depending on which headers apache is setting on proxy. > >>> The point is that you have to detect if the original request was HTTPS > >>> or not and set url_scheme accordingly. > >>> > >>> On Mon, May 21, 2012 at 3:19 PM, Moritz Schlarb wrote: > >>> > I was sure I had already read something about that error, but I'm > >>> > unable to > >>> > find it... > >>> > > >>> > I wanted to deploy a development version of my application on > another > >>> > port > >>> > at the Apache proxy frontend. > >>> > > >>> > So I added a https-only VirtualHost on Port 8088 and configured the > >>> > ProxyPass directives accordingly. > >>> > It works, but on some point I get redirected to the login page and > then > >>> > the > >>> > protocol does not preserve the https. > >>> > > >>> > curl gives me this: > >>> > > >>> > $ curl -I https://sauce.zdv.uni-mainz.de:8088/events/eip12/lessons/2 > >>> > HTTP/1.1 302 Found > >>> > Date: Mon, 21 May 2012 13:18:02 GMT > >>> > Server: PasteWSGIServer/0.5 Python/2.7.2+ > >>> > Content-Type: text/html; charset=UTF-8 > >>> > Location: > >>> > > >>> > > http://sauce.zdv.uni-mainz.de:8088/login?came_from=http%3A%2F%2Fsauce.zdv.uni-mainz.de%3A8088%2Fevents%2Feip12%2Flessons%2F2 > > >>> > Set-Cookie: > >>> > > >>> > > webflash=%7B%22status%22%3A%20%22warning%22%2C%20%22message%22%3A%20%22You%20have%20no%20permission%20to%20manage%20Lessons%20for%20this%20Event%22%7D; > > > >>> > Path=/ > >>> > Vary: Accept-Encoding > >>> > > >>> > You see, the redirection goes to plain http. > >>> > (I've checked, the issue also occurs when I get redirected to the > login > >>> > page > >>> > on the normal instance, but since I do a redirection to the https > >>> > protocol > >>> > in Apache, it is not bad there.) > >>> > > >>> > How can I make repoze.who redirect to the correct protocol? > >>> > > >>> > Cheers, > >>> > Moritz > >>> > > >>> > -- > >>> > You received this message because you are subscribed to the Google > >>> > Groups > >>> > "TurboGears" group. > >>> > To view this discussion on the web visit > >>> > https://groups.google.com/d/msg/turbogears/-/x6RRuAtVH8oJ. > >>> > To post to this group, send email to [email protected]. > >>> > To unsubscribe from this group, send email to > >>> > [email protected]. > >>> > For more options, visit this group at > >>> > http://groups.google.com/group/turbogears?hl=en. > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "TurboGears" group. > > To view this discussion on the web visit > > https://groups.google.com/d/msg/turbogears/-/Ic-IXyVz3wMJ. > > > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > > http://groups.google.com/group/turbogears?hl=en. > -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To view this discussion on the web visit https://groups.google.com/d/msg/turbogears/-/zs4aKNwGRXcJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/turbogears?hl=en.
