#11902 closed (invalid)
HttpRequest is_secure does not obey WSGI
Reported by: | ianb | Owned by: | nobody |
---|---|---|---|
Component: | Core (Other) | Version: | 1.1 |
Severity: | Keywords: | wsgi | |
Cc: | ianb@… | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The implementation of HttpRequest.is_secure() is:

```python
def is_secure(self):
    return os.environ.get("HTTPS") == "on"
```

This is wrong with respect to WSGI. Actually any use of os.environ
is wrong with respect to WSGI. For WSGI it would be:

```python
def is_secure(self):
    return self.META.get('wsgi.url_scheme') == 'https'
```
Change History (2)
comment:1 by , 15 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
comment:2 by , 15 years ago
If the docstring to HttpRequest described it as an abstract base class I probably wouldn't have been confused. (I grepped the file for subclasses, but was, I'm afraid, too lazy to grep all the source.)
The WSGIRequest subclass has its own implementation: http://code.djangoproject.com/browser/django/trunk/django/core/handlers/wsgi.py#L127
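The two checks quoted in the ticket, run side by side on constructed requests, as an added example that is not part of the ticket or of Django's code: it shows that a process-wide `HTTPS` variable cannot describe the scheme of an individual WSGI request, which matters wherever `is_secure()` feeds a security decision. The names `make_environ`, `app` and `compare` are hypothetical, and the request environs are built with the standard library's `wsgiref`.

```python
import os
from wsgiref.util import setup_testing_defaults


def is_secure_process_env():
    """Process-wide check quoted in the ticket: reads the CGI-style HTTPS variable."""
    return os.environ.get("HTTPS") == "on"


def is_secure_wsgi(environ):
    """Per-request check quoted in the ticket: reads the WSGI environ dict."""
    return environ.get("wsgi.url_scheme") == "https"


def make_environ(scheme):
    """Build a constructed WSGI environ for one request with the given scheme."""
    environ = {"wsgi.url_scheme": scheme}
    setup_testing_defaults(environ)  # fills in the remaining required WSGI keys
    return environ


def app(environ, start_response):
    """Hypothetical WSGI app reporting what each check says for this request."""
    body = "env=%s wsgi=%s" % (is_secure_process_env(), is_secure_wsgi(environ))
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body.encode("ascii")]


def compare(scheme, process_https=None):
    """Run one constructed request through app() and return the body text."""
    saved = os.environ.pop("HTTPS", None)  # isolate from the caller's environment
    try:
        if process_https is not None:
            os.environ["HTTPS"] = process_https
        chunks = app(make_environ(scheme), lambda status, headers: None)
        return b"".join(chunks).decode("ascii")
    finally:
        os.environ.pop("HTTPS", None)
        if saved is not None:
            os.environ["HTTPS"] = saved


if __name__ == "__main__":
    print(compare("https"))                     # HTTPS request, HTTPS unset in process
    print(compare("http", process_https="on"))  # plain HTTP request, HTTPS=on in process
    print(compare("https", process_https="on"))
```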