
HTTPSify all the links

Optionally, of course. If your instance doesn't support HTTPS you
can leave `default_scheme` set to `http`
1 parent e7bbf26 commit 9372deb62f057a1d504b7722fb54adfad9c2cd53 @JordanMilne JordanMilne committed Sep 21, 2015
@@ -1,4 +1,4 @@
-![white hat trophy](http://b.thumbs.redditmedia.com/n0_7BYpCg_RYB1j7.png)
+![white hat trophy](https://b.thumbs.redditmedia.com/n0_7BYpCg_RYB1j7.png)
Like all pieces of software, reddit has bugs – and it always will. Some
of them will take the form of security vulnerabilities.
@@ -8,6 +8,6 @@ If you find a security vulnerability in reddit, please privately report it to
usually within 24 hours.
Once the issue is fixed, if you provide your reddit username, we'll credit your
-account with a [whitehat](http://www.reddit.com/wiki/whitehat) trophy.
+account with a [whitehat](https://www.reddit.com/wiki/whitehat) trophy.
Thank you and good hunting.
@@ -493,6 +493,8 @@ import_private = false
geoip_location = http://127.0.0.1:5000
# account name that AutoModerator actions will be done by
automoderator_account =
+# Which scheme to use for URLs when the current protocol isn't known
+default_scheme = http
############################################ AUTHENTICATION
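Review bot: The comment on `default_scheme` does not say which values are accepted or what the setting affects, and the shipped default is `http`. Elsewhere in this commit the value is used for redirects, canonical links, permalinks and message bodies, so an instance served over HTTPS that leaves the default will keep emitting `http://` URLs. I would expand the comment to something like `# Scheme (http or https) used when building absolute URLs; set to https if the site is served over TLS`.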
@@ -229,7 +229,7 @@ def __call__(self, environ, start_response):
subdomains.append(g.domain)
redir = "%s/r/%s/%s" % ('.'.join(subdomains),
sr_redirect, environ['FULLPATH'])
- redir = "http://" + redir.replace('//', '/')
+ redir = g.default_scheme + "://" + redir.replace('//', '/')
start_response("301 Moved Permanently", [("Location", redir)])
return [""]
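Review bot: In `__call__` the `Location` header is now built from `g.default_scheme` even though the incoming request's scheme is available from `environ`, so an instance left at the default `http` will answer an HTTPS request with a redirect to plain HTTP. Because the status is 301, clients may cache that downgrade. Where the request scheme is reliable (it may not be behind a TLS-terminating proxy), prefer it and fall back to the setting, e.g. `scheme = environ.get('wsgi.url_scheme') or g.default_scheme`. The same applies to the `abort(301, ...)` in the `set_subreddit` hunk; both functions extend beyond their hunks.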
@@ -124,7 +124,7 @@ def make_map(config):
mc('/awards/received', controller='front', action='received_award')
mc('/i18n', controller='redirect', action='redirect',
- dest='http://www.reddit.com/r/i18n')
+ dest='https://www.reddit.com/r/i18n')
mc('/feedback', controller='redirect', action='redirect',
dest='/contact')
mc('/contact', controller='front', action='contact_us')
@@ -458,7 +458,7 @@ def make_map(config):
dest='https://addons.mozilla.org/firefox/addon/socialite/')
mc('/mobile', controller='redirect', action='redirect',
- dest='http://m.reddit.com/')
+ dest='https://m.reddit.com/')
# Used for showing ads
mc("/ads/", controller="ad", action="ad")
@@ -41,7 +41,7 @@
def renderurl_cached(path):
# Needed so http://reddit.com/help/ works
fp = path.rstrip("/")
- u = "http://code.reddit.com/wiki" + fp + '?stripped=1'
+ u = "https://code.reddit.com/wiki" + fp + '?stripped=1'
g.log.debug("Pulling %s for help" % u)
@@ -87,7 +87,7 @@ def renderurl(self, override=None):
GET_help = POST_help = renderurl
def GET_blog(self):
- return self.redirect("http://blog.%s/" %
+ return self.redirect("https://blog.%s/" %
get_domain(cname = False, subreddit = False,
no_www = True))
@@ -361,8 +361,8 @@ def send_gold_code(buyer, months, days,
subject = _('Your gold gift code has been generated!')
message = _('Here is your gift code for %(amount)s of reddit gold:\n\n'
'%(code)s\n\nThe recipient (or you!) can enter it at '
- 'http://www.reddit.com/gold or go directly to '
- 'http://www.reddit.com/thanks/%(code)s to claim it.'
+ 'https://www.reddit.com/gold or go directly to '
+ 'https://www.reddit.com/thanks/%(code)s to claim it.'
) % {'amount': amount, 'code': code}
if buyer:
@@ -868,8 +868,9 @@ def complete_gold_purchase(cls, webhook):
elif goldtype == 'creddits':
buyer._incr('gold_creddits', months)
subject = "thanks for buying creddits!"
- message = ("To spend them, visit http://%s/gold or your "
- "favorite person's userpage." % (g.domain))
+ message = ("To spend them, visit %s://%s/gold or your "
+ "favorite person's userpage." % (g.default_scheme,
+ g.domain))
elif goldtype == 'gift':
send_gift(buyer, recipient, months, days, signed, giftmessage,
@@ -368,7 +368,7 @@ def set_subreddit():
domain = g.domain
if g.domain_prefix:
domain = ".".join((g.domain_prefix, domain))
- path = 'http://%s%s' % (domain, sr.path)
+ path = '%s://%s%s' % (g.default_scheme, domain, sr.path)
abort(301, location=BaseController.format_output_url(path))
elif '+' in sr_name:
name_filter = lambda name: Subreddit.is_valid_name(name,
@@ -23,6 +23,7 @@
import string
from pylons import tmpl_context as c
+from pylons import app_globals as g
from reddit_base import RedditController
from r2.lib import utils
@@ -53,7 +54,7 @@ def demangle_url(path):
if not allowed_protocol.match(path):
return None
else:
- path = 'http://%s' % path
+ path = '%s://%s' % (g.default_scheme, path)
if need_insert_slash.match(path):
path = string.replace(path, '/', '//', 1)
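Review bot: `demangle_url` now prefixes scheme-less input with `g.default_scheme`, which is this instance's own scheme and says nothing about the target site. If `path` can name a third-party site (the `allowed_protocol` check suggests arbitrary URLs, but the function starts outside the hunk), then with `default_scheme = https` a URL that used to resolve over `http://` may stop loading. Consider keeping the literal `http` here, or record the decision in a comment such as `# scheme-less URLs are assumed to use the instance's default scheme`.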
@@ -520,7 +520,7 @@ def setup(self):
self.read_only_mode = True
origin_prefix = self.domain_prefix + "." if self.domain_prefix else ""
- self.origin = "http://" + origin_prefix + self.domain
+ self.origin = self.default_scheme + "://" + origin_prefix + self.domain
self.trusted_domains = set([self.domain])
if self.https_endpoint:
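Review bot: `self.default_scheme` is concatenated into `self.origin` without any check in the visible lines, and the same value reaches `Location` headers and `href` attributes elsewhere in this commit. A typo or stray whitespace in the ini file would silently produce malformed origins and links. I would validate it once here, e.g. `if self.default_scheme not in ("http", "https"): raise ValueError("default_scheme must be http or https")`. `setup` begins and continues outside this hunk, so an existing check elsewhere cannot be ruled out.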
@@ -286,6 +286,7 @@ def __init__(self, space_compress=None, nav_menus=None, loginbox=True,
u = UrlParser(request.fullpath)
u.set_extension("")
u.hostname = g.domain
+ u.scheme = g.default_scheme
if g.domain_prefix:
u.hostname = "%s.%s" % (g.domain_prefix, u.hostname)
self.canonical_link = u.unparse()
@@ -106,26 +106,28 @@ def promo_keep_fn(item):
# attrs
-def _base_domain():
+def _base_host():
if g.domain_prefix:
- return g.domain_prefix + '.' + g.domain
+ base_domain = g.domain_prefix + '.' + g.domain
else:
- return g.domain
+ base_domain = g.domain
+ return "%s://%s" % (g.default_scheme, base_domain)
+
def promo_traffic_url(l): # old traffic url
- return "http://%s/traffic/%s/" % (_base_domain(), l._id36)
+ return "%s/traffic/%s/" % (_base_host(), l._id36)
def promotraffic_url(l): # new traffic url
- return "http://%s/promoted/traffic/headline/%s" % (_base_domain(), l._id36)
+ return "%s/promoted/traffic/headline/%s" % (_base_host(), l._id36)
def promo_edit_url(l):
- return "http://%s/promoted/edit_promo/%s" % (_base_domain(), l._id36)
+ return "%s/promoted/edit_promo/%s" % (_base_host(), l._id36)
def view_live_url(l, srname):
- domain = _base_domain()
+ host = _base_host()
if srname:
- domain += '/r/%s' % srname
- return 'http://%s/?ad=%s' % (domain, l._fullname)
+ host += '/r/%s' % srname
+ return '%s/?ad=%s' % (host, l._fullname)
def payment_url(action, link_id36, campaign_id36):
path = '/promoted/%s/%s/%s' % (action, link_id36, campaign_id36)
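Review bot: `_base_host` now returns a scheme plus host (`"%s://%s"`), which is more than a host, so the name may mislead callers such as `view_live_url` that append a path to it. `_base_url` or `_base_origin` would describe the value better. A one-line docstring such as `"""Return scheme://host for this instance, without a trailing slash."""` would document the contract.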
@@ -413,33 +413,30 @@ def get_domain(cname = False, subreddit = True, no_www = False):
return domain
def dockletStr(context, type, browser):
- domain = get_domain()
-
- # while site_domain will hold the (possibly) cnamed version
- site_domain = get_domain(True)
+ site_host = "%s://%s" % (g.default_scheme, get_domain())
if type == "serendipity!":
- return "http://"+site_domain+"/random"
+ return site_host+"/random"
elif type == "submit":
- return ("javascript:location.href='http://"+site_domain+
+ return ("javascript:location.href='"+site_host+
"/submit?url='+encodeURIComponent(location.href)+'&title='+encodeURIComponent(document.title)")
elif type == "reddit toolbar":
- return ("javascript:%20var%20h%20=%20window.location.href;%20h%20=%20'http://" +
- site_domain + "/s/'%20+%20escape(h);%20window.location%20=%20h;")
+ return ("javascript:%20var%20h%20=%20window.location.href;%20h%20=%20'" +
+ site_host + "/s/'%20+%20escape(h);%20window.location%20=%20h;")
else:
# these are the linked/disliked buttons, which we have removed
# from the UI
return (("javascript:function b(){var u=encodeURIComponent(location.href);"
"var i=document.getElementById('redstat')||document.createElement('a');"
"var s=i.style;s.position='%(position)s';s.top='0';s.left='0';"
"s.zIndex='10002';i.id='redstat';"
- "i.href='http://%(site_domain)s/submit?url='+u+'&title='+"
+ "i.href='%(site_host)s/submit?url='+u+'&title='+"
"encodeURIComponent(document.title);"
"var q=i.firstChild||document.createElement('img');"
- "q.src='http://%(domain)s/d/%(type)s.png?v='+Math.random()+'&uh=%(modhash)s&u='+u;"
+ "q.src='%(site_host)s/d/%(type)s.png?v='+Math.random()+'&uh=%(modhash)s&u='+u;"
"i.appendChild(q);document.body.appendChild(i)};b()") %
dict(position = "absolute" if browser == "ie" else "fixed",
- domain = domain, site_domain = site_domain, type = type,
+ site_host = site_host, type = type,
modhash = c.modhash if c.user else ''))
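Review bot: `dockletStr` used to build its links from `get_domain(True)`, which the removed comment describes as the possibly cnamed domain, and now uses `get_domain()` for every URL, so bookmarklets on a cnamed site will point at a different host than before. If that is intended, a short comment saying so would help; otherwise build `site_host` from `get_domain(True)` and keep a second value for the image URL. Separately, the last branch puts `modhash` into the query string of an image request, which travels unencrypted whenever `default_scheme` is `http`.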
@@ -393,19 +393,20 @@ def make_permalink(self, sr, force_domain=False):
# include that in the path
if self.promoted is not None:
if force_domain:
- res = "http://%s/%s" % (get_domain(cname=False,
- subreddit=False), p)
+ permalink_domain = get_domain(cname=False, subreddit=False)
+ res = "%s://%s/%s" % (g.default_scheme, permalink_domain, p)
else:
res = "/%s" % p
elif not c.cname and not force_domain:
res = "/r/%s/%s" % (sr.name, p)
elif sr != c.site or force_domain:
if(c.cname and sr == c.site):
- res = "http://%s/%s" % (get_domain(cname=True,
- subreddit=False), p)
+ permalink_domain = get_domain(cname=True, subreddit=False)
+ res = "%s://%s/%s" % (g.default_scheme, permalink_domain, p)
else:
- res = "http://%s/r/%s/%s" % (get_domain(cname=False,
- subreddit=False), sr.name, p)
+ permalink_domain = get_domain(cname=False, subreddit=False)
+ res = "%s://%s/r/%s/%s" % (g.default_scheme, permalink_domain,
+ sr.name, p)
else:
res = "/%s" % p
@@ -707,7 +708,7 @@ def add_props(cls, user, wrapped):
item.subreddit_path = item.subreddit.path
if cname:
- item.subreddit_path = ("http://" +
+ item.subreddit_path = (g.default_scheme + "://" +
get_domain(cname=(site == item.subreddit),
subreddit=False))
if site != item.subreddit:
@@ -1488,7 +1489,7 @@ def add_props(cls, user, wrapped):
item.subreddit_path = item.subreddit.path
if cname:
- item.subreddit_path = ("http://" +
+ item.subreddit_path = (g.default_scheme + "://" +
get_domain(cname=(site == item.subreddit),
subreddit=False))
if site != item.subreddit:
@@ -1886,7 +1887,8 @@ def make_permalink(self, force_domain=False):
from r2.lib.template_helpers import get_domain
p = self.permalink
if force_domain:
- res = "http://%s%s" % (get_domain(cname=False, subreddit=False), p)
+ permalink_domain = get_domain(cname=False, subreddit=False)
+ res = "%s://%s%s" % (g.default_scheme, permalink_domain, p)
else:
res = p
return res
@@ -39,12 +39,12 @@
${optionalstyle("margin:0;" +
("padding-bottom:3px" if not c.cname else ""))}
>
- <a href="http://${get_domain()}/" ${optionalstyle("margin:5px;")}
+ <a href="${g.default_scheme}://${get_domain()}/" ${optionalstyle("margin:5px;")}
%if c.link_target:
target="${c.link_target}"
%endif
>
- <img src="https://${get_domain(subreddit=False)}/static/spreddit1.gif"
+ <img src="${g.default_scheme}://${get_domain(subreddit=False)}/static/spreddit1.gif"
alt=""
${optionalstyle("border:none")} />
</a>
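Review bot: The `<img>` for `spreddit1.gif` was always fetched over `https://` and now follows `g.default_scheme`, which defaults to `http`, so this hunk can downgrade an asset that used to be secure. If this template is rendered inside third-party pages (the `c.link_target` handling suggests an embeddable widget), an HTTPS host page will treat the image as mixed content. A scheme-relative URL, `src="//${get_domain(subreddit=False)}/static/spreddit1.gif"`, would follow the embedding page instead. The `reddit-window` iframe `src` in the framebuster hunk further down has the same exposure.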
@@ -54,11 +54,11 @@
if not isinstance(c.site, FakeSubreddit):
name += ".%s" % g.domain
if c.link_target:
- link = format_html('<a %s href="http://%s/" target="%s">%s</a></h3>',
- style, get_domain(), c.link_target, name)
+ link = format_html('<a %s href="%s://%s/" target="%s">%s</a></h3>',
+ style, g.default_scheme, get_domain(), c.link_target, name)
else:
- link = format_html('<a %s href="http://%s/">%s</a></h3>',
- style, get_domain(), name)
+ link = format_html('<a %s href="%s://%s/">%s</a></h3>',
+ style, g.default_scheme, get_domain(), name)
%>
${self.titlebar(link)}
</h4>
@@ -67,7 +67,7 @@
class="powered-by-reddit">
<small>
powered by&#32;
- <a href="http://${g.domain}"
+ <a href="${g.default_scheme}://${g.domain}"
${optionalstyle("text-decoration:none;color:#336699")}
%if c.link_target:
target="${c.link_target}"
@@ -27,7 +27,9 @@
from r2.lib.strings import Score
%>
-<%def name="submiturl(url, title='')">${("http://%s/submit" % get_domain(cname = c.cname, subreddit = not c.cname)) + query_string(dict(url=url, title=title))}</%def>
+<%def name="submiturl(url, title='')">
+ ${("%s://%s/submit" % (g.default_scheme, get_domain(cname = c.cname, subreddit = not c.cname))) + query_string(dict(url=url, title=title))}
+</%def>
<%
if thing._fullname:
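Review bot: Splitting the `submiturl` def over three lines changes its output, because Mako emits the newline and indentation inside the def body, so the returned URL now carries leading and trailing whitespace. Callers that place it in an attribute or a JavaScript string would receive that whitespace. Either keep the body on the `<%def>` line or trim it, e.g. `<%def name="submiturl(url, title='')" filter="trim">`.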
@@ -49,7 +49,7 @@
%else:
<small>
- <a href="http://${get_domain()}/user/${thing.author.name}">
+ <a href="${g.default_scheme}://${get_domain()}/user/${thing.author.name}">
<b>${thing.author.name}</b></a>&#32;
<span id="score_${thing._fullname}">
%if thing.score_hidden:
@@ -46,7 +46,7 @@ <h2 class="button">report a bug</h2>
<li id="reddit-trademark">
<h2 class="button">use the reddit trademark</h2>
<ul class="details">
- <li>You'll need a license to use the reddit trademark. Read our&#32;<a href="http://www.reddit.com/wiki/licensing">licensing page</a>&#32;to find out how to get permission.</li>
+ <li>You'll need a license to use the reddit trademark. Read our&#32;<a href="https://www.reddit.com/wiki/licensing">licensing page</a>&#32;to find out how to get permission.</li>
</ul>
</li>
<li id="press-enquiry">
@@ -68,7 +68,7 @@ <h2 class="button">advertise on reddit</h2>
<h2 class="button">ask a general question</h2>
<ul class="details">
<li>Maybe you want to&#32;<a href="/r/askreddit">/r/askreddit</a>? Or for help try making a post at&#32;<a href="/r/help">/r/help</a>.</li>
- <li>Need help with a&#32;<a href="http://redditgifts.com/exchanges">redditgifts exchange</a>? Email&#32;<a href="mailto:support@redditgifts.com">support@redditgifts.com</a>.</li>
+ <li>Need help with a&#32;<a href="https://redditgifts.com/exchanges">redditgifts exchange</a>? Email&#32;<a href="mailto:support@redditgifts.com">support@redditgifts.com</a>.</li>
<li>Got a question about&#32;<a href="/gold/about">reddit gold</a>? Please email&#32;<a href="mailto:${g.goldsupport_email}">${g.goldsupport_email}</a>.</li>
<li>Anything we didn't cover? Email us at&#32;<a href="mailto:contact@reddit.com">contact@reddit.com</a>&#32;and include your reddit username if you have one.</li>
</ul>
@@ -75,7 +75,7 @@
}
})(jQuery);
document.write('<iframe name="reddit-window" id="reddit-window"' +
- 'src="http://${get_domain(cname=False, subreddit=True)}/framebuster/'
+ 'src="${g.default_scheme}://${get_domain(cname=False, subreddit=True)}/framebuster/'
+ Math.random() +
'" width="1" height="1" style="visibility: hidden"></iframe>');
</script>
@@ -123,7 +123,7 @@
<div class="clear options_expando hidden">
<%
subject = "[reddit] I wanted to share this link with you"
- body = """%(user)s shared a link with you from reddit (http://www.reddit.com/):
+ body = """%(user)s shared a link with you from reddit (https://www.reddit.com/):
%(link)s
@@ -136,7 +136,7 @@ there's also a discussion going on here:
link = _force_unicode(thing.url),
title = _force_unicode(thing.title),
permalink = add_sr(thing.permalink, sr_path = False, force_hostname = True, retain_extension=False))
- url = "http://reddit.com/%s" % thing._id36
+ url = "https://reddit.com/%s" % thing._id36
title = _force_unicode(thing.title)
tweet = "%s %s" % (title[0:(139-len(url))], url)
%>
@@ -47,7 +47,7 @@
<%
from r2.lib.strings import Score
domain = get_domain(subreddit=False)
- permalink = "http://%s%s" % (domain, thing.permalink)
+ permalink = "%s://%s%s" % (g.default_scheme, domain, thing.permalink)
expanded = request.GET.get("expanded")
two_col = request.GET.has_key("twocolumn") if l else False
%>
@@ -59,14 +59,14 @@
%endif
submitted by
%if not thing.author._deleted:
- <a href="http://${domain}/user/${thing.author.name}">
+ <a href="${g.default_scheme}://${domain}/user/${thing.author.name}">
${thing.author.name}
</a>
%else:
${_("[deleted]")}
%endif
%if thing.different_sr:
- to <a href="http://${domain}${thing.subreddit.path}">
+ to <a href="${g.default_scheme}://${domain}${thing.subreddit.path}">
${thing.subreddit.name}</a>
%endif
<br/>