def process_view(self, request, view_func, view_args, view_kwargs):
    """Enforce the secure / non-secure split before a view runs.

    Returns ``None`` to let the request continue, a 403 response when a
    session carries the wrong ``is_secure`` marker, or a redirect to the
    same URL under the scheme that matches the view type.

    ``view_args`` and ``view_kwargs`` are accepted but not used here.
    """
    # SECURITY: when settings.DEBUG_SECURE is truthy nothing below runs,
    # neither the session-marker checks nor the scheme redirects.
    # NOTE(review): confirm this flag cannot be enabled in production.
    if settings.DEBUG_SECURE:
        return None

    arrived_over_tls = request.is_secure()
    view_requires_tls = isinstance(view_func, SecureView)

    # A session that arrives as the ordinary (non-secure) session must never
    # carry the 'is_secure' marker; if it does, refuse outright.
    if request.session.get('is_secure'):
        return HttpResponseForbidden('Invalid session_id',
                                     mimetype='text/plain')

    # Conversely, a secure session that is present but lacks the marker is
    # refused, and its cookie is cleared on the way out.
    if request.secure_session:
        if not request.secure_session.get('is_secure'):
            denied = HttpResponseForbidden('Invalid secure_session_id',
                                           mimetype='text/plain')
            denied.delete_cookie('secure_session_id')
            return denied

    # NOTE(review): both redirect targets are rebuilt from
    # request.build_absolute_uri(); presumably the host part comes from the
    # request itself, so confirm host validation is configured upstream.
    if view_requires_tls and not arrived_over_tls:
        # Everything after the first ':' is kept; only the scheme is swapped.
        after_scheme = request.build_absolute_uri().split(':', 1)[1]
        return view_func.redirect('https:' + after_scheme, request, 'secure')

    if arrived_over_tls and not view_requires_tls:
        # SECURITY: an HTTPS request for a non-secure view is sent back to
        # plain HTTP.
        target = 'http:' + request.build_absolute_uri().split(':', 1)[1]
        site_root = 'http://%s/' % request.META.get('HTTP_HOST', '')
        if target == site_root:
            target += '?preview=true'
        if not isinstance(view_func, BaseView):
            # NOTE(review): a permanent redirect is typically cached by
            # browsers; confirm that is wanted for a scheme downgrade.
            return HttpResponsePermanentRedirect(target)
        # NOTE(review): the same 'secure' literal is passed here as in the
        # upgrade branch; confirm that is intended.
        return view_func.redirect(target, request, 'secure')

    return None
def process_view(self, request, view_func, view_args, view_kwargs):
    """Check session markers and request scheme ahead of the view.

    The outcome is one of: ``None`` (continue to the view), a 403 for a
    session whose ``is_secure`` marker does not match its kind, or a
    redirect that repeats the request URL under the other scheme.

    ``view_args`` and ``view_kwargs`` are not read by this method.
    """
    # SECURITY: a truthy settings.DEBUG_SECURE bypasses every check in this
    # method, including the session-marker refusals.
    # NOTE(review): verify the flag is off outside development.
    if settings.DEBUG_SECURE:
        return None

    over_https = request.is_secure()
    wants_https = isinstance(view_func, SecureView)

    def swap_scheme(prefix):
        # Replace whatever precedes the first ':' of the absolute URI.
        # NOTE(review): the URI is taken from the request as-is; presumably
        # its host reflects the Host header, so confirm it is validated.
        return prefix + request.build_absolute_uri().split(':', 1)[1]

    # The non-secure session must not be marked secure.
    marked_secure = request.session.get('is_secure')
    if marked_secure:
        return HttpResponseForbidden('Invalid session_id',
                                     mimetype='text/plain')

    # A secure session, when present, must be marked secure; otherwise the
    # request is refused and the 'secure_session_id' cookie is deleted.
    if request.secure_session and not request.secure_session.get('is_secure'):
        refusal = HttpResponseForbidden('Invalid secure_session_id',
                                        mimetype='text/plain')
        refusal.delete_cookie('secure_session_id')
        return refusal

    if wants_https and not over_https:
        return view_func.redirect(swap_scheme('https:'), request, 'secure')

    if over_https and not wants_https:
        # SECURITY: this branch moves an HTTPS request down to plain HTTP.
        destination = swap_scheme('http:')
        bare_root = 'http://%s/' % request.META.get('HTTP_HOST', '')
        if destination == bare_root:
            destination += '?preview=true'
        if isinstance(view_func, BaseView):
            # NOTE(review): 'secure' is also the argument used for the
            # upgrade redirect; confirm it is correct for a downgrade.
            return view_func.redirect(destination, request, 'secure')
        # NOTE(review): permanent redirects tend to be cached client-side;
        # confirm that is acceptable for a scheme downgrade.
        return HttpResponsePermanentRedirect(destination)

    return None