Opened 7 years ago

Closed 7 years ago

#29033 closed Bug (needsinfo)

Sitemap framework does not properly detect secure requests

Reported by: Matt Magin Owned by: nobody
Component: contrib.sitemaps Version: 2.0
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Django settings provides the option of overriding the detected protocol by setting SECURE_PROXY_SSL_HEADER, however contrib.sitemaps just defaults to 'http' if the protocol in the Sitemap class is not overridden.

Ideally contrib.sitemaps would use the request.is_secure() method to detect the protocol in the request and default to that instead.

I would be happy to provide a patch but I feel some discussion is required. The sitemap.xml views are easily fixed, however complexity is added when updating the defaults in get_urls on the Sitemap object as it doesn't have access to the request object.

Change History (2)

comment:1 by Tim Graham, 7 years ago

Generally, discussion happens more readily on the DevelopersMailingList, so consider posting there and adding a link to the discussion here.

comment:2 by Tim Graham, 7 years ago

Resolution: needsinfo
Status: newclosed

It looks to me like the contrib.sitesmaps.index() and sitemap() views already use request.scheme. It's not clear to me what further enhancements could be made.

Note: See TracTickets for help on using tickets.
Back to Top