Unverified Commit 329c38ef authored by Ben Busby's avatar Ben Busby
Browse files

Hotfix: Enforce https in heroku opensearch template

Heroku instances were using the base http url when formatting the
opensearch.xml template. This adds a new routing utility, "needs_https",
which can be used for determining if the url in question needs
parent 5c69283e
......@@ -66,11 +66,7 @@ def before_request_func():
app.user_elements.update({session['uuid']: 0})
# Handle https upgrade
https_only = os.getenv('HTTPS_ONLY', False)
is_heroku = request.url.endswith('.herokuapp.com')
is_http = request.url.startswith('http://')
if (is_heroku and is_http) or (https_only and is_http):
if needs_https(request.url):
return redirect(
request.url.replace('http://', 'https://', 1),
......@@ -80,7 +76,7 @@ def before_request_func():
if not g.user_config.url:
g.user_config.url = request.url_root.replace(
'https://') if https_only else request.url_root
'https://') if os.getenv('HTTPS_ONLY', False) else request.url_root
g.user_request = Request(
......@@ -146,6 +142,10 @@ def opensearch():
if opensearch_url.endswith('/'):
opensearch_url = opensearch_url[:-1]
# Enforce https for opensearch template
if needs_https(opensearch_url):
opensearch_url = opensearch_url.replace('http://', 'https://', 1)
get_only = g.user_config.get_only or 'Chrome' in request.headers.get(
......@@ -5,10 +5,19 @@ from bs4 import BeautifulSoup as bsoup
from cryptography.fernet import Fernet, InvalidToken
from flask import g
from typing import Any, Tuple
import os
TOR_BANNER = '<hr><h1 style="text-align: center">You are using Tor</h1><hr>'
def needs_https(url: str) -> bool:
https_only = os.getenv('HTTPS_ONLY', False)
is_heroku = url.endswith('.herokuapp.com')
is_http = url.startswith('http://')
return (is_heroku and is_http) or (https_only and is_http)
class RoutingUtils:
def __init__(self, request, config, session, cookies_disabled=False):
method = request.method
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment