We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hi
I've encountered a trouble running authomatic on Heroku:
Thus, my application see all incoming connections as HTTP instead of HTTPS. Given Authomatic determine the redirection url base on the incoming url (i.g. https://github.com/peterhudec/authomatic/blob/master/authomatic/adapters.py#L248 for Werkzeug), this make Authomatic redirecting to HTTP://mysite.com instead of HTTPS://mysite.com, causing the Oauth provider to reject the request (the provided redirect url mismatches the declared one).
I've fixed this hacking the WerkzeugAdapter to force https:
class FlaskAuthomatic(Authomatic): class ForceHTTPSWerkzeugAdapter(WerkzeugAdapter): @property def url(self): import re return re.sub(r'^http://', 'https://', self.request.base_url) result = None def login(self, *login_args, **login_kwargs): """ Decorator for Flask view functions. """ def decorator(f): @wraps(f) def decorated(*args, **kwargs): self.response = make_response() adapter = self.ForceHTTPSWerkzeugAdapter(request, self.response) login_kwargs.setdefault('session', session) login_kwargs.setdefault('session_saver', self.session_saver) self.result = super(FlaskAuthomatic, self).login(adapter, *login_args, **login_kwargs) return f(*args, **kwargs) return decorated return decorator def session_saver(self): session.modified = True
But I believe this could be much more elegantly fixed using an optional configuration parameter to force the redirection url. What do you think ?
edit: I'm issue #100 ! Did I win something ? ^^
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hi
I've encountered a trouble running authomatic on Heroku:
Thus, my application see all incoming connections as HTTP instead of HTTPS.
Given Authomatic determine the redirection url base on the incoming url (i.g. https://github.com/peterhudec/authomatic/blob/master/authomatic/adapters.py#L248 for Werkzeug), this make Authomatic redirecting to HTTP://mysite.com instead of HTTPS://mysite.com, causing the Oauth provider to reject the request (the provided redirect url mismatches the declared one).
I've fixed this hacking the WerkzeugAdapter to force https:
But I believe this could be much more elegantly fixed using an optional configuration parameter to force the redirection url. What do you think ?
edit:
I'm issue #100 ! Did I win something ? ^^
The text was updated successfully, but these errors were encountered: