Zope 2

HTTPS requests are not detected if running under mod_wsgi

Bug #950689 reported by stephan_hofmockel
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Zope 2
Fix Released
Medium
Unassigned
Zope 2 2.13.14

Bug Description

ZPublisher/HTTPRequest.py has a detection if the protcol is https or not. The detection looks like this

if 'HTTPS' in environ and (environ['HTTPS'] == "on" or environ['HTTPS'] == "ON"):

However mod_wsgi version 3.3 constructs the following environment

{'DOCUMENT_ROOT': '/etc/apache2/htdocs',
'GATEWAY_INTERFACE': 'CGI/1.1',
 'HTTPS': '1',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
'HTTP_ACCEPT_LANGUAGE': 'en-us,en;q=0.5',
'HTTP_CONNECTION': 'keep-alive',
'HTTP_COOKIE': 'tree-s="eJzT0MgpMOQKVneEAfdQW3WuAiOuxJICYy49A
.........}

So the detection does not work and all generated links have 'http' instead of 'https'

Revision history for this message
stephan_hofmockel (dreagonfly) wrote :

I changed at my installation the following at HTTPRequest.py and it works
@@ -384,7 +387,7 @@
             other['SERVER_URL'] = server_url = server_url.strip()
         else:
             if 'HTTPS' in environ and (
- environ['HTTPS'] == "on" or environ['HTTPS'] == "ON"):
+ environ['HTTPS'] == "on" or environ['HTTPS'] == "ON" or environ['HTTPS'] == '1'):
                 protocol = 'https'
             elif ('SERVER_PORT_SECURE' in environ and
                 environ['SERVER_PORT_SECURE'] == "1"):

Hanno Schlichting (hannosch)
Changed in zope2:
importance: Undecided → Medium
milestone: none → 2.13.14
status: New → Fix Committed
Hanno Schlichting (hannosch)
Changed in zope2:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.