[PATCH] Make {urlbase} work in templates when https is used
Wesley J. Landaker
wjl at icecavern.net
Wed Jul 11 15:52:33 CDT 2007
On Wednesday 11 July 2007 05:10:47 Thomas Arendsen Hein wrote:
> > > Which servers set this https variable?
> >
> > Well, at least Apache & Lighttpd, for two.
> >
> > I used this because it's also used in do_unbundle in the same file, for
> > verifying that SSL is used if required by a config option. See around
> > line 1074.
>
> Ah, good point :)
>
> Pushed your patch with some whitespace removed to crew.
Okay, great.
> > I thought about making a patch for that by adding a/(some) config
> > variable(s) that let you specifically set the urlbase, but I hadn't
> > really looked into that yet.
>
> Current crew's hg serve can speak ssl, too, but doesn't set HTTPS.
>
> I guess we could split out SSL detection into a separate function
> and fix it after that.
Here are some thoughts I had. I see two separate issues where we want to
detect SSL, and these should probably be re-factored into one place.
* Determining if SSL (or, in the future, TLS) is being used, for purposes
of deciding if something is allowed (e.g. doing authentication). This
should probably be done in one place, using various good heuristics, like
seeing if the HTTPS (or other?) environment variables are set to certain
things, using internally set flags from "hg serve", looking at wsgi
parameters, etc.
* Determining what the protocol for generated URLs should look like for
templates, say for instance so that the web interface, RSS feeds, etc,
point to the correct URL. This should by default be autodetected by looking
at the above (e.g. if SSL is enabled, assume "https", since HTTP+TLS isn't
common yet), but should also be settable via a config option, so you can do
things like run http behind an https proxy, etc. (This part of things I was
very partially addressing in the patch that's the subject of this thread.)
What do you guys think about that? I'm not totally volunteering to do all
the work =), but I may have time to work towards a patchset that's on the
right track if there is some agreement about how this should work.
I'd also like any comments/corrections if I'm totally missing something.
--
Wesley J. Landaker <wjl at icecavern.net> <xmpp:wjl at icecavern.net>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://selenic.com/pipermail/mercurial-devel/attachments/20070711/d0acb5fa/attachment.pgp
More information about the Mercurial-devel
mailing list