diff options
author | Aurélien Bompard <aurelien@bompard.org> | 2013-12-05 18:40:40 +0100 |
---|---|---|
committer | Aurélien Bompard <aurelien@bompard.org> | 2013-12-05 18:41:36 +0100 |
commit | fd79e18378f1ade2ecbe1b9fded4e651d50040f8 (patch) | |
tree | 56c186105247f2e5d4b8d5cf3fcbf53150474ff4 | |
parent | 6674d2df7d9f846680ec4df2a835ff72d2771e99 (diff) | |
download | hyperkitty-fd79e18378f1ade2ecbe1b9fded4e651d50040f8.tar.gz hyperkitty-fd79e18378f1ade2ecbe1b9fded4e651d50040f8.tar.xz hyperkitty-fd79e18378f1ade2ecbe1b9fded4e651d50040f8.zip |
SSLRedirect middleware: if USE_SSL is false, don't redirect
Don't ever redirect, even to plaintext.
-rw-r--r-- | hyperkitty/middleware.py | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/hyperkitty/middleware.py b/hyperkitty/middleware.py index 4f48e37..26c00a2 100644 --- a/hyperkitty/middleware.py +++ b/hyperkitty/middleware.py @@ -90,14 +90,15 @@ SSL = 'SSL' class SSLRedirect(object): def process_view(self, request, view_func, view_args, view_kwargs): - secure = view_kwargs.pop(SSL, False) - if request.user.is_authenticated(): - secure = True + want_secure = view_kwargs.pop(SSL, False) if not settings.USE_SSL: # User-disabled (e.g: development server) - secure = False + return # but after having removed the 'SSL' kwarg + + if request.user.is_authenticated(): + want_secure = True - if not secure == self._is_secure(request): - return self._redirect(request, secure) + if not want_secure == self._is_secure(request): + return self._redirect(request, want_secure) def _is_secure(self, request): if request.is_secure(): |