warning for Man-in-the-middle attack in production environment.

lepture · Aug 27, 2014 · b15f4b4 · b15f4b4
1 parent 1ef1695
commit b15f4b4
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/flask_oauthlib/contrib/client/application.py b/flask_oauthlib/contrib/client/application.py
@@ -7,6 +7,7 @@
 
 import os
 import contextlib
+import warnings
 try:
     from urllib.parse import urljoin
 except ImportError:
@@ -262,4 +263,10 @@ def insecure_transport(self):
                 else:
                     os.environ.pop('OAUTHLIB_INSECURE_TRANSPORT', None)
         else:
+            if origin:
+                warnings.warn(
+                    'OAUTHLIB_INSECURE_TRANSPORT has been found in os.environ '
+                    'but the app is running in similar production environment.'
+                    ' It may put you in danger of the Man-in-the-middle attack'
+                    ' while using OAuth 2.', RuntimeWarning)
             yield