Opened 7 years ago
Closed 7 years ago
#29033 closed Bug (needsinfo)
Sitemap framework does not properly detect secure requests
Reported by: | Matt Magin | Owned by: | nobody |
---|---|---|---|
Component: | contrib.sitemaps | Version: | 2.0 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Django settings provides the option of overriding the detected protocol by setting SECURE_PROXY_SSL_HEADER, however contrib.sitemaps just defaults to 'http' if the protocol in the Sitemap class is not overridden.
Ideally contrib.sitemaps would use the request.is_secure() method to detect the protocol in the request and default to that instead.
I would be happy to provide a patch but I feel some discussion is required. The sitemap.xml views are easily fixed, however complexity is added when updating the defaults in get_urls on the Sitemap object as it doesn't have access to the request object.
Change History (2)
comment:1 by , 7 years ago
comment:2 by , 7 years ago
Resolution: | → needsinfo |
---|---|
Status: | new → closed |
It looks to me like the contrib.sitesmaps.index()
and sitemap()
views already use request.scheme
. It's not clear to me what further enhancements could be made.
Generally, discussion happens more readily on the DevelopersMailingList, so consider posting there and adding a link to the discussion here.