Pyramid debug toolbar serving static content over HTTP instead of HTTPS

On our test servers, we're using the Pyramid debug toolbar; however, it generates http:// links to static content (like its CSS and JavaScript files), while the rest of the content is served over HTTPS. This causes mixed content warnings, and it breaks all functionality. Is there a way to force it to generate HTTPS links?

I know it's possible to enable mixed content in Chrome, and this works, but it's not a feasible solution for the entire QA team.

There are 3 answers

0
Anthon On BEST ANSWER

There might be better/simpler ways to achieve this, but one thing you can do to achieve this is add the _scheme='https' parameter to each call to request.static_url().

For that you can of course edit pyramid/url.py, but you can also do this in your project's __init__.py:

    from pyramid.url import URLMethodsMixin

    # keep a reference to the original method so the wrapper can call it
    URLMethodsMixin.static_url_org = URLMethodsMixin.static_url  # backup of original

    def https_static_url(self, *args, **kw):
        kw['_scheme'] = 'https'  # add parameter forcing https
        return URLMethodsMixin.static_url_org(self, *args, **kw)  # call backup

    URLMethodsMixin.static_url = https_static_url  # replace original with the https-forcing wrapper

Parameters for static_url work like route_url. From the documentation:

Note that if _scheme is passed as https, and _port is not passed, the _port value is assumed to have been passed as 443. Likewise, if _scheme is passed as http and _port is not passed, the _port value is assumed to have been passed as 80. To avoid this behavior, always explicitly pass _port whenever you pass _scheme.

Setting '_scheme' automatically forces port 443.

0
Mikko Ohtamaa On

Usually you signal your web server to use HTTPS instead of HTTP by passing through the X-Forwarded-Proto HTTP header.

Example from Nginx:

    proxy_set_header X-Forwarded-Proto $scheme;

However, this is not standard and may depend on your web server configuration. Here is a full example for Nginx + uWSGI:

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Proto $scheme;

    uwsgi_pass 127.0.0.1:8001;
    uwsgi_param UWSGI_SCHEME https;
    uwsgi_pass_header X_FORWARDED_PROTO;
    uwsgi_pass_header X_REAL_IP;

See how WebOb (the underlying Request for Pyramid) reconstructs the URL from the given HTTP headers.
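
Added example, not part of the answer above and not Pyramid's or WebOb's own code: a plain WSGI middleware that applies X-Forwarded-Proto only when the connection comes from the reverse proxy, so a client that reaches the app directly cannot choose the scheme used for generated URLs. The names TrustedProxyScheme, DEFAULT_TRUSTED and scheme_seen_by_app are hypothetical, and the loopback proxy address is an assumption taken from the uwsgi_pass line above.

```python
import ipaddress

# Assumption: the reverse proxy connects from loopback, as in the
# "uwsgi_pass 127.0.0.1:8001" configuration shown above.
DEFAULT_TRUSTED = ("127.0.0.0/8", "::1/128")


class TrustedProxyScheme:
    """WSGI middleware: honour X-Forwarded-Proto only from trusted proxies."""

    def __init__(self, app, trusted=DEFAULT_TRUSTED):
        self.app = app
        self.trusted = [ipaddress.ip_network(n) for n in trusted]

    def _from_trusted_proxy(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False  # missing or malformed peer address: do not trust
        return any(peer in net for net in self.trusted)

    def __call__(self, environ, start_response):
        # Always drop the header so nothing downstream re-reads a spoofed value.
        proto = environ.pop("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        # Only the two exact values are accepted; lists or other schemes are ignored.
        if self._from_trusted_proxy(environ) and proto in ("http", "https"):
            # WebOb's request.scheme is read from wsgi.url_scheme.
            environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def scheme_seen_by_app(remote_addr, forwarded_proto=None):
    """Send a constructed request through the middleware; return the scheme."""
    seen = {}

    def app(environ, start_response):
        seen["scheme"] = environ["wsgi.url_scheme"]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    # Constructed sample environ: the app server itself only sees plain HTTP.
    environ = {"REMOTE_ADDR": remote_addr, "wsgi.url_scheme": "http"}
    if forwarded_proto is not None:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    TrustedProxyScheme(app)(environ, lambda status, headers: None)
    return seen["scheme"]
```

In a Pyramid project the WSGI application returned by config.make_wsgi_app() would be the app argument.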

0
Yann Dìnendal On

https://stackoverflow.com/a/42358816/358532

You can add url_scheme param to your configuration file (separated by environment) like that:

    [server:main]
    use = egg:waitress#main
    host = 0.0.0.0
    port = 6500
    url_scheme = https