scheme: add support for X-Forwarded-Proto header to specify the scheme to better address #314, #374 (#395)

ikreymer · web-flow · commit 08b0ac87f70f · 2018-10-23T09:13:23.000-07:00
diff --git a/pywb/apps/rewriterapp.py b/pywb/apps/rewriterapp.py
@@ -103,6 +103,7 @@ def __init__(self, framed_replay=False, jinja_env=None, config=None, paths=None)
         else:
             self.csp_header = None
 
+        # deprecated: Use X-Forwarded-Proto header instead!
         self.force_scheme = config.get('force_scheme')
 
     def add_csp_header(self, wb_url, status_headers):
@@ -223,8 +224,10 @@ def render_content(self, wb_url, kwargs, environ):
         wb_url = wb_url.replace('#', '%23')
         wb_url = WbUrl(wb_url)
 
-        if self.force_scheme:
-            environ['wsgi.url_scheme'] = self.force_scheme
+        proto = environ.get('HTTP_X_FORWARDED_PROTO', self.force_scheme)
+
+        if proto:
+            environ['wsgi.url_scheme'] = proto
 
         is_timegate = self._check_accept_dt(wb_url, environ)
 
diff --git a/tests/test_force_https.py b/tests/test_force_https.py
@@ -5,8 +5,21 @@
 class TestForceHttps(BaseConfigTest):
     @classmethod
     def setup_class(cls):
-        super(TestForceHttps, cls).setup_class('config_test.yaml',
-                                               custom_config={'force_scheme': 'https'})
+        super(TestForceHttps, cls).setup_class('config_test.yaml')
+
+    def test_force_https_replay_1(self, fmod):
+        resp = self.get('/pywb/20140128051539{0}/http://example.com/', fmod,
+                        headers={'X-Forwarded-Proto': 'https'})
+
+        assert '"https://localhost:80/pywb/20140128051539{0}/http://www.iana.org/domains/example"'.format(fmod) in resp.text, resp.text
+
+
+# ============================================================================
+class TestForceHttpsConfig(BaseConfigTest):
+    @classmethod
+    def setup_class(cls):
+        super(TestForceHttpsConfig, cls).setup_class('config_test.yaml',
+                                                     custom_config={'force_scheme': 'https'})
 
     def test_force_https_replay_1(self, fmod):
         resp = self.get('/pywb/20140128051539{0}/http://example.com/', fmod)
@@ -18,11 +31,11 @@ def test_force_https_replay_1(self, fmod):
 class TestForceHttpsRedirect(BaseConfigTest):
     @classmethod
     def setup_class(cls):
-        super(TestForceHttpsRedirect, cls).setup_class('config_test_redirect_classic.yaml',
-                                                       custom_config={'force_scheme': 'https'})
+        super(TestForceHttpsRedirect, cls).setup_class('config_test_redirect_classic.yaml')
 
     def test_force_https_redirect_replay_1(self, fmod):
-        resp = self.get('/pywb/20140128051539{0}/http://example.com/', fmod)
+        resp = self.get('/pywb/20140128051539{0}/http://example.com/', fmod,
+                        headers={'X-Forwarded-Proto': 'https'})
 
         assert resp.headers['Location'] == 'https://localhost:80/pywb/20140127171251{0}/http://example.com'.format(fmod)
         resp = resp.follow()
@@ -37,11 +50,11 @@ def test_force_https_redirect_replay_1(self, fmod):
 class TestForceHttpsRoot(BaseConfigTest):
     @classmethod
     def setup_class(cls):
-        super(TestForceHttpsRoot, cls).setup_class('config_test_root_coll.yaml',
-                                                   custom_config={'force_scheme': 'https'})
+        super(TestForceHttpsRoot, cls).setup_class('config_test_root_coll.yaml')
 
     def test_force_https_root_replay_1(self, fmod):
-        resp = self.get('/20140128051539{0}/http://www.iana.org/domains/example', fmod)
+        resp = self.get('/20140128051539{0}/http://www.iana.org/domains/example', fmod,
+                        headers={'X-Forwarded-Proto': 'https'})
 
         assert resp.headers['Location'] == 'https://localhost:80/20140128051539{0}/https://www.iana.org/domains/reserved'.format(fmod)
 
