Code

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#11902 closed (invalid)

HttpRequest is_secure does not obey WSGI

Reported by: ianb Owned by: nobody
Component: Core (Other) Version: 1.1
Severity: Keywords: wsgi
Cc: ianb@… Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

The implementation of HttpRequest.is_secure() is:

    def is_secure(self):
        return os.environ.get("HTTPS") == "on"

This is wrong with respect to WSGI. Actually any use of os.environ is wrong with respect to WSGI. For WSGI it would be:

    def is_secure(self):
        return self.META.get('wsgi.url_scheme') == 'https'

Attachments (0)

Change History (2)

comment:1 Changed 5 years ago by Alex

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to invalid
  • Status changed from new to closed

comment:2 Changed 5 years ago by ianb

If the docstring to HttpRequest described it as an abstract base class I probably wouldn't have been confused. (I grepped the file for subclasses, but was I'm afraid too lazy to grep all source).

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.