On Fri, Nov 9, 2012 at 2:01 AM, Roberto De Ioris <[email protected]> wrote: > > Il giorno 08/nov/2012, alle ore 23:08, C Anthony Risinger <[email protected]> > ha scritto: > >> ... per the title, should uWSGI be handling this? i couldn't find in >> my [brief] search an authoritative resource on whose responsibility >> this is. >> >> i understand it's a relatively easy workaround (and i've done so on >> our production app), but i don't see it currently being handled in >> uWSGI source and im curious what others think/know. >> >> thoughts? >> > > Nobody knows :) > > Generally the variable (not the header) HTTPS should be checked, but latest > Django releases (as an example) take in account that header too. > > How did you managed it ?
yes AFAICT Django will not advertise https unless that header is set, or the protocol in use is TLS/SSL... i think it looks for `wsgi.url_scheme` but i didn't check. we just added `--http-var UWSGI_SCHEME=https` to our production system. apparently the load balancer we're using (perlbal?) can set X-Forwarded-Proto if we install a plugin... somewhat lame... IMO it only makes sense that the balancer sets this header, and the application server simply responds appropriately... the header should be added by whatever unwraps/wraps the TLS connection. -- C Anthony _______________________________________________ uWSGI mailing list [email protected] http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
