Python: opensrf.gateway uses hardcoded HTTP connection, prevents HTTPS communication

Bug #1409055 reported by Dan Scott on 2015-01-09
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenSRF
Low
Unassigned

Bug Description

* OpenSRF master

The buildURL method in osrf.gateway is defined as follows:

    def buildURL(self):
        return 'http://%s/%s' % (defaultHost, self.path)

This prevents the use of a gateway that has been defined to be HTTPS-only. Even given a 302, instead of following the URL to the redirected HTTPS version, it simply returns an exception.

Dan Scott (denials) wrote :

Hmm, here's the direction I was coming at it from: rather than adding another variable to the mix, we could just check the incoming defaultHost variable in buildURL() for a prefix of "HTTPS" (or HTTP) and use that if offered.

http://git.evergreen-ils.org/?p=working/OpenSRF.git;a=shortlog;h=refs/heads/user/dbs/lp1409055_https_python_support

Bill Erickson (berick) wrote :

I like your solution better, Dan. I forgot all about default host. Since setDefaultHost() has to be called anyway, it makes sense to leverage that. Tested and signed-off.

http://git.evergreen-ils.org/?p=working/OpenSRF.git;a=shortlog;h=refs/heads/user/berick/lp1409055-python-https-via-dbs

Dan Scott (denials) wrote :

Okay! I've merged this and pushed it to master, accordingly. Thanks Bill!

Changed in opensrf:
status: New → Fix Committed
milestone: none → 2.4.1
Dan Scott (denials) wrote :

Also pushed to rel_2_4, as the only target available was 2.4.1. And this makes sense as a bug fix.

Galen Charlton (gmc) on 2016-02-04
Changed in opensrf:
status: Fix Committed → Fix Released
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers