Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#11902 closed (invalid)

HttpRequest is_secure does not obey WSGI

Reported by: ianb Owned by: nobody
Component: Core (Other) Version: 1.1
Severity: Keywords: wsgi
Cc: ianb@… Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


The implementation of HttpRequest.is_secure() is:

    def is_secure(self):
        return os.environ.get("HTTPS") == "on"

This is wrong with respect to WSGI. Actually any use of os.environ is wrong with respect to WSGI. For WSGI it would be:

    def is_secure(self):
        return self.META.get('wsgi.url_scheme') == 'https'

Change History (2)

comment:1 Changed 9 years ago by Alex Gaynor

Resolution: invalid
Status: newclosed

comment:2 Changed 9 years ago by ianb

If the docstring to HttpRequest described it as an abstract base class I probably wouldn't have been confused. (I grepped the file for subclasses, but was I'm afraid too lazy to grep all source).

Note: See TracTickets for help on using tickets.
Back to Top