New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Detect HTTP\HTTPS and use in in links #220

Closed
okainov opened this Issue Feb 16, 2018 · 3 comments

Comments

Projects
None yet
2 participants
@okainov
Contributor

okainov commented Feb 16, 2018

At the moment all the links from email notification are http://.... However our Kiwi instance is HTTPS, so I'm getting error in browser

Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

It would be nice if KIWI knows which protocol does it use and make links with correct protocol.

@okainov

This comment has been minimized.

Contributor

okainov commented Feb 20, 2018

Just found out there is protocol = getattr(settings, "PROTOCOL", "http") line in UrlMixin class. So it seems Kiwi expects to have PROTOCOL variable defined in settings.

If that's true, please add it to the doc and also maybe it makes sense to create placeholder in settings file like

# Change to https if you're running Kiwi under https
PROTOCOL = 'http'
@atodorov

This comment has been minimized.

Member

atodorov commented Feb 20, 2018

The proper way to fix this is to reliably get the URL of the Kiwi instance and not rely on settings. The registration confirmation emails already do this but other probably don't.

We'll inspect all of the templates and make changes where necessary when we come to this item.

@atodorov

This comment has been minimized.

Member

atodorov commented Mar 6, 2018

@GodfatherThe if you are using the docker container this should not be an issue because Apache is configured to redirect all plain text requests back to HTTPS:

# Force the use of ssl:
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>

That said I acknowledge this is a problem that needs to be fixed. However some of these links are probably hard-coded in the templates as well so we'll have to inspect all of them.

atodorov added a commit that referenced this issue Mar 21, 2018

Change util function to default to https. Fixes #220
NOTE: there isn't a reliable way to always detect whether or not
we use HTTPS so if we are in production mode default to HTTPS. This
is a safe assumption because the docker image uses HTTPS and because
you should always use HTTPS anyway!

@atodorov atodorov closed this in 6973f15 Mar 21, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment