HTTPS requests are not detected if running under mod_wsgi

Reported by stephan_hofmockel on 2012-03-09
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Zope 2
Medium
Unassigned

Bug Description

ZPublisher/HTTPRequest.py has a detection if the protcol is https or not. The detection looks like this

if 'HTTPS' in environ and (environ['HTTPS'] == "on" or environ['HTTPS'] == "ON"):

However mod_wsgi version 3.3 constructs the following environment

{'DOCUMENT_ROOT': '/etc/apache2/htdocs',
'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTPS': '1',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
'HTTP_ACCEPT_LANGUAGE': 'en-us,en;q=0.5',
'HTTP_CONNECTION': 'keep-alive',
'HTTP_COOKIE': 'tree-s="eJzT0MgpMOQKVneEAfdQW3WuAiOuxJICYy49A
.........}

So the detection does not work and all generated links have 'http' instead of 'https'

stephan_hofmockel (dreagonfly) wrote :

I changed at my installation the following at HTTPRequest.py and it works
@@ -384,7 +387,7 @@
             other['SERVER_URL'] = server_url = server_url.strip()
         else:
             if 'HTTPS' in environ and (
- environ['HTTPS'] == "on" or environ['HTTPS'] == "ON"):
+ environ['HTTPS'] == "on" or environ['HTTPS'] == "ON" or environ['HTTPS'] == '1'):
                 protocol = 'https'
             elif ('SERVER_PORT_SECURE' in environ and
                 environ['SERVER_PORT_SECURE'] == "1"):

Changed in zope2:
importance: Undecided → Medium
milestone: none → 2.13.14
status: New → Fix Committed
Changed in zope2:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers