Use wsgi.url_scheme to determine secure connections

As a WSGI application, Webware 3 should check wsgi.url_scheme instead of the HTTPS environment variable in order to reliably detect secure connections. Note that mod_wsgi even removes the HTTPS environment variable.
WebwareForPython · Jan 21, 2021 · 5a9e91b · 5a9e91b
1 parent d625bf3
commit 5a9e91b
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 4 deletions.
diff --git a/webware/HTTPRequest.py b/webware/HTTPRequest.py
@@ -152,7 +152,7 @@ def protocol(self):
 
     def isSecure(self):
         """Check whether this is a HTTPS connection."""
-        return self._environ.get('HTTPS', '').lower() == 'on'
+        return self._environ.get('wsgi.url_scheme') == 'https'
 
     # endregion Security
 

diff --git a/webware/HTTPResponse.py b/webware/HTTPResponse.py
@@ -404,7 +404,7 @@ def recordSession(self):
                 return
         cookie = Cookie(app.sessionName(trans), identifier)
         cookie.setPath(app.sessionCookiePath(trans))
-        if trans.request().isSecure():
+        if request.isSecure():
             cookie.setSecure(app.setting('SecureSessionCookie'))
         self.addCookie(cookie)
         if debug:

diff --git a/webware/Testing/TestIMS.py b/webware/Testing/TestIMS.py
@@ -33,8 +33,7 @@ def writeContent(self):
         d = self.request().serverDictionary()
         self._host = d['HTTP_HOST']  # includes the port
         self._httpConnection = (
-            http.client.HTTPSConnection
-            if d.get('HTTPS', '').lower() == 'on'
+            http.client.HTTPSConnection if d.get('wsgi.url_scheme') == 'https'
             else http.client.HTTPConnection)
         servletPath = self.request().servletPath()
         # pick a static file which is served up by Webware's UnknownFileHandler