id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
2092	Wrong redirect to https URL when using django with mod_python	k.shaposhnikov@…	Adrian Holovaty	"Currently in django/middleware/common.py following code is used to determine whether http or https URL should be used for redirect:
{{{
#!python
os.environ.get('HTTPS') == 'on'
}}}

This doesn't work in all cases at least with mod_python. mod_python doesn't create new process every time it process request, instead it reused already created processes.

Consider following scenario:
 * I've requested some URL of my application using HTTPS protocol. mod_python created new process A and sets HTTPS environment variable to 'on'
 * I've requested some other URL using HTTP (http://localhost/test), but redirect is required to http://localhost/test/. mod_python processes this request using the same process A, and I will be redirected to URL with HTTPS protocol: https://localhost/test/

I am not mod_python expert, but I've searched mod_python mailing lists and found following thread (by Adrian Holovaty BTW :) :
http://www.modpython.org/pipermail/mod_python/2004-September/016448.html

So the right way is to check https protocol for mod_python is:
{{{
#!python
req.subprocess_env.has_key('HTTPS') and req.subprocess_env['HTTPS'] == 'on'
}}}

As I understand following code in ModPythonHandler exists to solve the problem:
{{{
#!python
os.environ.update(req.subprocess_env)
}}}

Unfortunately it doesn't solve problem with HTTPS, because HTTPS is already 'on' in os.environ and is not presented at all in req.subprocess_env.

Possible solutions:
 * explicitly check for HTTPS environment variable
 * add is_ssl() method to HttpRequest and use it"	defect	closed	Core (Other)		normal	fixed		k.shaposhnikov@…	Unreviewed	0	0	0	0	0	0