Add a FORCE_URL_SCHEME option

[mitsuhiko]

It should be possible to force the URL scheme to https for all things. That includes URL generation as well as automatic redirect checks on all requests.

[pwaller]

I've just hit the problem that my application is generating a http url even though PREFERRED_URL_SCHEME is set to https. My understanding is that this should force it, but it does not work unless I pass it to _scheme everywhere, which is a big mess. Does anyone have any ideas how to fix this?

[untitaker]

@pwaller Most likely a misconfiguration of your reverse-proxying. Check your WSGI environment with request.environ, also http://werkzeug.pocoo.org/docs/contrib/fixers/#werkzeug.contrib.fixers.ProxyFix

[pwaller]

Hm. It's behind an amazon ELB.

[pwaller]

(And therefore I think that X-Forwarded-Proto should be set for us...)

[untitaker]

Yes, and you need to use the ProxyFix for this. The reason for this behavior not being the default is that this header might not be set in some configurations, in which case the HTTP client can forge this and related headers.

[pwaller]

Ah yes. Thanks :)

[dorianpula]

It sounds like @pwaller's issue was resolved. But I assume this is still something we want to get working for 1.0?

[untitaker]

I think nowadays people use different means of enforcing HTTPS, so this might not be that necessary. Still a nice feature to have.

[autoferrit]

I am at the pycon sprints, I am going to see if I can add a config flag for adding this.

[jeffwidman]

I don't really see the value here myself as it feels like something better handled at the webserver layer... my vote is to forgo this.