def test_hsts_subdomains():
    """``subdomains=True`` appends ``includeSubDomains`` to the HSTS header.

    The request is marked as HTTPS through ``wsgi.url_scheme``, so the
    wrapped app answers normally and the policy header is attached.
    ``includeSubDomains`` extends the HTTPS-only policy to every subdomain
    of the serving host, so it belongs only where all of them serve HTTPS.
    """
    wrapped = sslify(testapp.test_app, subdomains=True)
    environ = create_environ()
    environ['wsgi.url_scheme'] = 'https'

    _body, status, headers = run_wsgi_app(wrapped, environ)

    expected_policy = 'max-age=31536000; includeSubDomains'
    assert status == '200 OK'
    assert headers['Strict-Transport-Security'] == expected_policy
def run(port, db_uri, hsts):
    """Build the WSGI application and serve it together with two timers.

    Args:
        port: TCP port handed to ``TCP4ServerEndpoint``.
        db_uri: Passed to ``CertificateDatabase``.
        hsts: When truthy, the application is wrapped with
            ``wsgi_sslify.sslify(app, subdomains=True)``.
    """
    cert_db = CertificateDatabase(db_uri)
    crtsh_checker = CrtshChecker()
    # raw_app stays bound to the unwrapped application; the hourly timer
    # below calls _update_lint_summaries on it rather than on the wrapper.
    app = raw_app = WSGIApplication(cert_db, crtsh_checker)
    if hsts:
        # NOTE(review): the listener below is a plain TCP4 endpoint, so HTTPS
        # is presumably terminated by a proxy in front of this process.
        # sslify then has to rely on a forwarded-protocol request header
        # (X-Forwarded-Proto unless configured otherwise) to tell HTTP from
        # HTTPS -- confirm the proxy overwrites that header, because a
        # client-supplied value would otherwise suppress the redirect.
        # subdomains=True adds includeSubDomains to the HSTS header, which
        # commits every subdomain of the serving host to HTTPS.
        app = wsgi_sslify.sslify(app, subdomains=True)

    def build_service(reactor):
        """Return a MultiService holding the web server and both timers."""
        multi = MultiService()
        # WSGI requests run on the reactor's thread pool.
        StreamServerEndpointService(
            TCP4ServerEndpoint(reactor, port),
            server.Site(
                wsgi.WSGIResource(reactor, reactor.getThreadPool(), app),
            )).setServiceParent(multi)

        logger = Logger()
        # Both periodic jobs run in a worker thread via deferToThread; a
        # failure is logged by the errback instead of propagating.
        TimerService(
            # Run every 10 minutes
            10 * 60,
            lambda: deferToThread(check_for_revocation, cert_db, crtsh_checker)
            .addErrback(lambda f: logger.failure(
                "Error checking for revocation", f))).setServiceParent(multi)
        TimerService(
            # Run every hour
            60 * 60,
            lambda: deferToThread(raw_app._update_lint_summaries).addErrback(
                lambda f: logger.failure("Error updating cablint summaries", f
                                         ))).setServiceParent(multi)
        return multi

    run_service(build_service)
def test_https_proxy_custom_header_ignores_default_header():
    """A custom ``proxy_header`` replaces ``X-Forwarded-Proto`` entirely.

    The request carries only the default header, so it is treated as plain
    HTTP and redirected. This is the behaviour a deployment relies on when
    its proxy reports the scheme under a non-default header name: the
    default header, which a client could send itself, no longer counts.
    """
    wrapped = sslify(testapp.test_app, proxy_header='X-PROTO')
    environ = create_environ()
    environ['HTTP_X_FORWARDED_PROTO'] = 'https'

    _body, status, headers = run_wsgi_app(wrapped, environ)

    assert status == '301 Moved Permanently'
    target = headers['Location']
    assert target.startswith('https://')
def test_https_proxy_doesnt_redirect():
    """``X-Forwarded-Proto: https`` is accepted as proof of a secure request.

    No redirect is issued and the default HSTS header is attached. The
    header is an ordinary request header, so this signal is only reliable
    when a proxy in front of the app sets or overwrites it on every request.
    """
    wrapped = sslify(testapp.test_app)
    environ = create_environ()
    environ['HTTP_X_FORWARDED_PROTO'] = 'https'

    _body, status, headers = run_wsgi_app(wrapped, environ)

    expected_policy = 'max-age=31536000'
    assert status == '200 OK'
    assert headers['Strict-Transport-Security'] == expected_policy
def test_hsts_defaults():
    """With no options, HTTPS responses get a one-year HSTS policy.

    ``max-age=31536000`` is 365 days in seconds; ``includeSubDomains`` is
    not part of the default header.
    """
    wrapped = sslify(testapp.test_app)
    environ = create_environ()
    environ['wsgi.url_scheme'] = 'https'

    _body, status, headers = run_wsgi_app(wrapped, environ)

    expected_policy = 'max-age=31536000'
    assert status == '200 OK'
    assert headers['Strict-Transport-Security'] == expected_policy
def test_hsts_off():
    """``hsts=False`` suppresses the Strict-Transport-Security header.

    The HTTPS request is still served normally; only the policy header is
    left out of the response.
    """
    wrapped = sslify(testapp.test_app, hsts=False)
    environ = create_environ()
    environ['wsgi.url_scheme'] = 'https'

    _body, status, headers = run_wsgi_app(wrapped, environ)

    assert status == '200 OK'
    header_present = 'Strict-Transport-Security' in headers
    assert not header_present
def test_hsts_subdomains():
    """HSTS header includes ``includeSubDomains`` when ``subdomains=True``.

    ``includeSubDomains`` makes browsers apply the HTTPS-only policy to all
    subdomains of the host that sent the header, so every one of them has
    to be reachable over HTTPS for the policy's lifetime.
    """
    wrapped = sslify(testapp.test_app, subdomains=True)
    environ = create_environ()
    environ['wsgi.url_scheme'] = 'https'

    _body, status, headers = run_wsgi_app(wrapped, environ)

    assert status == '200 OK'
    policy = headers['Strict-Transport-Security']
    assert policy == 'max-age=31536000; includeSubDomains'
def test_redirect_to_http():
    """A plain-HTTP request is permanently redirected to an https:// URL.

    Despite the function's name, the redirect target asserted here is
    HTTPS. The environ is left untouched, so neither ``wsgi.url_scheme``
    nor a proxy header marks the request as secure.
    """
    wrapped = sslify(testapp.test_app)
    environ = create_environ()

    _body, status, headers = run_wsgi_app(wrapped, environ)

    assert status == '301 Moved Permanently'
    target = headers['Location']
    assert target.startswith('https://')
def test_permanent():
    """``permanent=False`` switches the HTTPS redirect from 301 to 302.

    A temporary redirect is not cached by clients the way a permanent one
    may be, which matters while an HTTPS rollout is still being trialled.
    """
    wrapped = sslify(testapp.test_app, permanent=False)
    environ = create_environ()

    _body, status, headers = run_wsgi_app(wrapped, environ)

    assert status == '302 Found'
    target = headers['Location']
    assert target.startswith('https://')
def test_https_proxy_custom_header():
    """A request is treated as secure when the configured header says https.

    ``proxy_header='X-PROTO'`` corresponds to the ``HTTP_X_PROTO`` key in
    the WSGI environ. As with any forwarded-scheme header, the value is
    only meaningful when the fronting proxy controls it.
    """
    wrapped = sslify(testapp.test_app, proxy_header='X-PROTO')
    environ = create_environ()
    environ['HTTP_X_PROTO'] = 'https'

    _body, status, _headers = run_wsgi_app(wrapped, environ)

    assert status == '200 OK'
def test_https_proxy_doesnt_redirect():
    """A request flagged ``X-Forwarded-Proto: https`` is served, not redirected.

    The header is client-visible input, so the check is trustworthy only
    behind a proxy that sets or overwrites it for every request.
    """
    wrapped = sslify(testapp.test_app)
    environ = create_environ()
    environ['HTTP_X_FORWARDED_PROTO'] = 'https'

    _body, status, _headers = run_wsgi_app(wrapped, environ)

    assert status == '200 OK'
"""
WSGI config for Pontoon.

It exposes the WSGI callable as a module-level variable named ``application``.

For more information on this file, see
https://docs.djangoproject.com/en/1.8/howto/deployment/wsgi/
"""
from __future__ import absolute_import

import os

from django.core.wsgi import get_wsgi_application
from wsgi_sslify import sslify

# Set settings env var before importing whitenoise as it depends on
# some settings.
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'pontoon.settings')

from whitenoise.django import DjangoWhiteNoise  # noqa

# sslify sets a Strict-Transport-Security header,
# which instructs browsers to always use HTTPS.
# It also redirects plain-HTTP requests to HTTPS. It is the outermost wrapper
# here, so responses produced by WhiteNoise pass through it as well.
# NOTE(review): with the defaults used here a request counts as secure when
# wsgi.url_scheme is "https" or the X-Forwarded-Proto request header says
# "https"; confirm the fronting proxy sets or overwrites that header, since a
# client-supplied value would otherwise skip the redirect.
application = sslify(DjangoWhiteNoise(get_wsgi_application()))
"""
WSGI config for gettingstarted project.

It exposes the WSGI callable as a module-level variable named ``application``.

For more information on this file, see
https://docs.djangoproject.com/en/1.6/howto/deployment/wsgi/
"""

import os
# The settings module must be named before Django's WSGI handler is created.
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "config.settings")

from django.core.wsgi import get_wsgi_application
from whitenoise.django import DjangoWhiteNoise
from wsgi_sslify import sslify

# NOTE(review): nothing in this file reads this name. It matches the name of
# gunicorn's secure_scheme_headers setting, which would normally live in the
# gunicorn configuration rather than the WSGI module -- confirm whether it has
# any effect here. sslify below does its own scheme detection.
secure_scheme_headers = {'X-FORWARDED-PROTO': 'https'}

# Wrapping order: Django app -> WhiteNoise -> sslify. sslify is outermost, so
# the HTTPS redirect and the HSTS header also apply to responses produced by
# WhiteNoise.
application = get_wsgi_application()
application = DjangoWhiteNoise(application)
# NOTE(review): sslify's default scheme check honours the X-Forwarded-Proto
# request header; this is only a reliable signal when the platform's router or
# proxy overwrites that header on every request.
application = sslify(application)
# if running multiple sites in the same mod_wsgi process. To fix this, use # mod_wsgi daemon mode with each site in its own daemon process, or use # os.environ["DJANGO_SETTINGS_MODULE"] = "treeherder.config.settings" os.environ.setdefault("DJANGO_SETTINGS_MODULE", "treeherder.config.settings") import environ from django.core.cache.backends.memcached import BaseMemcachedCache from django.core.wsgi import get_wsgi_application as django_app from wsgi_sslify import sslify from treeherder.config.whitenoise_custom import CustomWhiteNoise env = environ.Env() # Wrap the Django WSGI app with WhiteNoise so the UI can be served by gunicorn # in production, avoiding the need for Apache/nginx on Heroku. WhiteNoise will # serve the Django static files at /static/ and also those in the directory # referenced by WHITENOISE_ROOT at the site root. application = CustomWhiteNoise(django_app()) if env.bool('IS_HEROKU', default=False): # Redirect HTTP requests to HTTPS and set an HSTS header. # Required since the equivalent Django features will not be # able to alter requests that were served by WhiteNoise. application = sslify(application) # Fix django closing connection to MemCachier after every request: # https://code.djangoproject.com/ticket/11331 # Remove when https://github.com/django/django/pull/4866 fixed. BaseMemcachedCache.close = lambda self, **kwargs: None
# NOTE(review): the indented loop below is the tail of a generator whose
# ``def`` line is not part of this snippet -- presumably ``find_assets(app)``,
# which is called further down. It yields the path of every regular file
# directly inside the app's ``static`` and ``templates`` directories
# (os.scandir does not recurse).
    for name in ['static', 'templates']:
        directory = os.path.join(app.config['PATH'], name)
        for entry in os.scandir(directory):
            if entry.is_file():
                yield entry.path


config = dwellingplace.settings.get_config(os.getenv('FLASK_ENV'))
# The credentials are copied into the process environment, presumably because
# BasicAuth reads them from there. NOTE(review): environment variables are
# inherited by child processes and often appear in crash dumps and diagnostics;
# keep that in mind when deciding where these credentials may end up.
os.environ['WSGI_AUTH_CREDENTIALS'] = config.WSGI_AUTH_CREDENTIALS

dpapp = dwellingplace.app.create_app(config)
redapp = red.create_app(config)

# Both apps sit behind one BasicAuth wrapper; redapp is mounted under /red.
wsgi_app = BasicAuth(
    DispatcherMiddleware(dpapp.wsgi_app, {'/red': redapp.wsgi_app}))
# sslify wraps BasicAuth, so a plain-HTTP request is redirected before the
# auth layer runs. NOTE(review): when USE_HTTPS is false the Basic credentials
# travel unencrypted (Basic auth is only base64-encoded) -- that setting
# should be limited to local development.
if dpapp.config['USE_HTTPS']:
    wsgi_app = sslify(wsgi_app)  # pylint: disable=redefined-variable-type
dpapp.wsgi_app = wsgi_app

# NOTE(review): host='0.0.0.0' makes the server listen on all interfaces;
# confirm this command is not used where the port is reachable from untrusted
# networks. extra_files lists the asset paths produced by find_assets.
server = Server(host='0.0.0.0',
                extra_files=itertools.chain(find_assets(dpapp),
                                            find_assets(redapp)))
manager = Manager(dpapp)
manager.add_command('run', server)

if __name__ == '__main__':
    manager.run()
"""
WSGI config for Pontoon.

It exposes the WSGI callable as a module-level variable named ``application``.

For more information on this file, see
https://docs.djangoproject.com/en/1.8/howto/deployment/wsgi/
"""
import os

from django.core.wsgi import get_wsgi_application
from wsgi_sslify import sslify

# Set settings env var before importing whitenoise as it depends on
# some settings.
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'pontoon.settings')

from whitenoise.django import DjangoWhiteNoise  # noqa

# sslify sets a Strict-Transport-Security header,
# which instructs browsers to always use HTTPS.
# Plain-HTTP requests are redirected to HTTPS as well. sslify wraps WhiteNoise,
# so responses produced by WhiteNoise are covered too.
# NOTE(review): the default scheme check trusts the X-Forwarded-Proto request
# header; it is reliable only when the proxy in front overwrites that header
# on every request -- confirm for the deployment.
application = sslify(DjangoWhiteNoise(get_wsgi_application()))
def test_https_doesnt_redirect():
    """A request whose ``wsgi.url_scheme`` is https reaches the wrapped app.

    ``wsgi.url_scheme`` is set by the WSGI server itself, not taken from a
    request header, so this is the direct-TLS case with no proxy involved.
    """
    wrapped = sslify(testapp.test_app)
    environ = create_environ()
    environ['wsgi.url_scheme'] = 'https'

    _body, status, _headers = run_wsgi_app(wrapped, environ)

    assert status == '200 OK'
"""
WSGI config for Pontoon.

It exposes the WSGI callable as a module-level variable named ``application``.

For more information on this file, see
https://docs.djangoproject.com/en/1.8/howto/deployment/wsgi/
"""
import os

import dotenv
from django.core.wsgi import get_wsgi_application
from wsgi_sslify import sslify

# Read the dotenv file and inject its values into the environment.
# The file location comes from the DOTENV_PATH environment variable.
# NOTE(review): a dotenv file may hold secrets; keep it out of version control
# and readable only by the account that runs the service.
dotenv.load_dotenv(dotenv_path=os.environ.get("DOTENV_PATH"))

# Set settings env var before importing whitenoise as it depends on
# some settings.
# NOTE(review): no whitenoise import follows in this snippet, so the remark
# about import order above looks stale -- confirm.
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "pontoon.settings")

# sslify sets a Strict-Transport-Security header,
# which instructs browsers to always use HTTPS.
# Plain-HTTP requests are redirected to HTTPS as well.
# NOTE(review): the default scheme check trusts the X-Forwarded-Proto request
# header; it is reliable only when the proxy in front overwrites that header
# on every request -- confirm for the deployment.
application = sslify(get_wsgi_application())