OpenSRF

Python: opensrf.gateway uses hardcoded HTTP connection, prevents HTTPS communication

Bug #1409055 reported by Dan Scott
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenSRF
Fix Released
Low
Unassigned
OpenSRF 2.4.1

Bug Description

* OpenSRF master

The buildURL method in osrf.gateway is defined as follows:

    def buildURL(self):
        return 'http://%s/%s' % (defaultHost, self.path)

This prevents the use of a gateway that has been defined to be HTTPS-only. Even given a 302, instead of following the URL to the redirected HTTPS version, it simply returns an exception.

Tags: pullrequest
Revision history for this message
Bill Erickson (berick) wrote :

Pushed:

http://git.evergreen-ils.org/?p=working/OpenSRF.git;a=shortlog;h=refs/heads/user/berick/lp1409055-osrf-gateway-proto

tags: added: pullrequest
Revision history for this message
Dan Scott (denials) wrote :

Hmm, here's the direction I was coming at it from: rather than adding another variable to the mix, we could just check the incoming defaultHost variable in buildURL() for a prefix of "HTTPS" (or HTTP) and use that if offered.

http://git.evergreen-ils.org/?p=working/OpenSRF.git;a=shortlog;h=refs/heads/user/dbs/lp1409055_https_python_support

Revision history for this message
Bill Erickson (berick) wrote :

I like your solution better, Dan. I forgot all about default host. Since setDefaultHost() has to be called anyway, it makes sense to leverage that. Tested and signed-off.

http://git.evergreen-ils.org/?p=working/OpenSRF.git;a=shortlog;h=refs/heads/user/berick/lp1409055-python-https-via-dbs

Revision history for this message
Dan Scott (denials) wrote :

Okay! I've merged this and pushed it to master, accordingly. Thanks Bill!

Changed in opensrf:
status: New → Fix Committed
milestone: none → 2.4.1
Revision history for this message
Dan Scott (denials) wrote :

Also pushed to rel_2_4, as the only target available was 2.4.1. And this makes sense as a bug fix.

Galen Charlton (gmc)
Changed in opensrf:
status: Fix Committed → Fix Released
importance: Undecided → Low
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.