➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2011-01-14 14:14 by techtonik, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Messages (5) | |||
|---|---|---|---|
| msg126263 - (view) | Author: anatoly techtonik (techtonik) | Date: 2011-01-14 14:14 | |
http://docs.python.org/library/wsgiref.html#wsgiref.util.guess_scheme The documentation says servers typically set HTTPS variable to a value of “1” or “yes”, when a request is received via SSL, but CGI tutorials, IIS and Apache set this to “on”. Misleading documentation may be the reason of the bug with mod_wsgi that changes Apache's variable from “on” to “1” - https://issues.apache.org/bugzilla/show_bug.cgi?id=50581 The documentation should at least stress that “on” is the mainstream value for this variable. It will help to mention at least one popular server that returns “1”. |
|||
| msg126561 - (view) | Author: Georg Brandl (georg.brandl) *  |
Date: 2011-01-19 19:57 | |
The doc says "1", "yes" or "on". Looks fine to me. |
|||
| msg126653 - (view) | Author: anatoly techtonik (techtonik) | Date: 2011-01-20 22:08 | |
The problem that most scripts check for 'on', and not for '1'. http://www.cgi101.com/book/ch3/text.html More than that - I don't know any servers that set this to '1', except mod_wsgi, and perhaps other implementations that follow this wsgiref. mod_wsgi even changes value of Apache2 environment to '1' For existing CGI scripts (that rely on HTTPS parameter being 'on') and that are ported to WSGI, this creates additional issues with HTTPS, and wastes people time. |
|||
| msg126655 - (view) | Author: Graham Dumpleton (grahamd) | Date: 2011-01-20 22:20 | |
As has been pointed out to you already in other forums, the correct way of detecting in a compliant WSGI application that a SSL connection was used is to check the value of the wsgi.url_scheme variable. If your code does not do this then it is not a compliant WSGI application and you have no guarantee that it will work portably across different WSGI hosting mechanisms. This is because a WSGI server/adapter is not obligated to set the HTTPS variable in the WSGI environment dictionary. So, the correct thing to do, which for some reasons you don't want to, is to fix your code when it is being ported to adhere to the WSGI specification and what it dictates as the way of detecting a SSL connection. FWIW, the HTTPS variable will no longer be set from mod_wsgi version 4.0 to enforce the point that it is not the correct way of detecting that an SSL connection and that wsgi.url_scheme should be used. The HTTPS variable was only being set at all and with that value because older versions of Django weren't doing what you also refuse to do, which is check for wsgi.url_scheme instead of the HTTPS variable. Django did the right thing and fixed their code to be compliant. Why you can't and want to keep arguing this point in three different forums is beyond me. You have spent way much more time arguing the point than it would take to fix your code to be compliant. |
|||
| msg126700 - (view) | Author: Georg Brandl (georg.brandl) * |
Date: 2011-01-21 07:09 | |
The doc for this function is not a place to discuss what CGI scripts do. It describes what guess_scheme() does, and it does so sufficiently. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:11 | admin | set | github: 55115 |
| 2011-01-21 07:09:02 | georg.brandl | set | status: open -> closed nosy: georg.brandl, techtonik, grahamd, docs@python messages: + msg126700 |
| 2011-01-20 22:20:59 | grahamd | set | nosy:
+ grahamd messages: + msg126655 |
| 2011-01-20 22:08:21 | techtonik | set | status: closed -> open nosy: georg.brandl, techtonik, docs@python messages: + msg126653 |
| 2011-01-19 19:57:54 | georg.brandl | set | status: open -> closed nosy: + georg.brandl messages: + msg126561 resolution: works for me |
| 2011-01-14 14:14:33 | techtonik | create | |