Commit c0bdb580 authored by Philippe Pepiot's avatar Philippe Pepiot
Browse files

[pyramid] set waitress url_scheme to https when base-url scheme is https

See https://docs.pylonsproject.org/projects/waitress/en/latest/#using-behind-a-reverse-proxy

Since we do not configure trusted_proxy waitress ignore X-Forwarded-Proto
header and may generate http urls (pyramid request.url) when the instance is
behind a https reverse proxy. This cause cubicweb-signredrequest to not work
with since it rely on the url (including scheme).

Set url_scheme to 'https' when CubicWeb base-url scheme is https as a
workaround.

--HG--
branch : 3.25
parent b9ffd3216187
......@@ -350,13 +350,15 @@ class PyramidStartHandler(InstanceCommand):
host = cwconfig['interface']
port = cwconfig['port'] or 8080
url_scheme = ('https' if cwconfig['base-url'].startswith('https')
else 'http')
repo = app.application.registry['cubicweb.repository']
warnings.warn(
'the "pyramid" command does not start repository "looping tasks" '
'anymore; use the standalone "scheduler" command if needed'
)
try:
waitress.serve(app, host=host, port=port)
waitress.serve(app, host=host, port=port, url_scheme=url_scheme)
finally:
repo.shutdown()
if self._needreload:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment