在金字塔中,如何从http重定向到https?
[英]In Pyramid how can I redirect from http to https?
问题描述
If you don't have access to the webserver, and the only way you have is to intercept the request and then do a redirect from http to https, what is the best approach to redirect? 
如果您无法访问网络服务器,并且唯一的方法是拦截请求,然后从http重定向到https,重定向的最佳方法是什么?
I tried looking at subscribers using NewRequest. 我尝试使用NewRequest查看订阅者。 I did something like so: 我做了类似的事情:
@subscriber(NewRequest) def modify_protocol(event): if re.search('some string', event.request.host_url): event.request.scheme = 'https'
However, this didn't do what I expected. 但是,这没有达到我的预期。 The page is still being rendered. 页面仍在呈现中。 Any ideas would be appreciated. 任何想法,将不胜感激。
Thanks in advance. 提前致谢。
2 个解决方案
解决方案1
7 2013-06-05 06:36:19
Inside a view: 在视图内:
if req.scheme == "http":
return HTTPFound("https://" + req.host + req.path_qs)
Using an event listener: 使用事件监听器:
@subscriber(NewRequest)
def redirect(event):
if event.request.scheme == "http":
raise HTTPFound("https://" + event.request.host + event.request.path_qs)
I looked into approaches using send and get_response , but couldn't find much. 我研究了使用send和get_response ,但找不到多少。
解决方案2
-1 2013-06-05 06:36:07
Some unsolicited advice - Don't redirect to SSL from non-SSL. 一些未经请求的建议 - 不要从非SSL重定向到SSL。
There's a security issue. 存在安全问题。 Basically, if someone manages to Man-In-The-Middle your non-SSL'd service, they could redirect it to an SSL service running with a valid certificate on a different server - the user might not notice this. 基本上,如果有人设法使用非SSL服务中的Man-In-The-Middle,他们可以将其重定向到在不同服务器上运行有效证书的SSL服务 - 用户可能不会注意到这一点。
It's better to provide a page that warns the user and provides a plain-text link for them to click. 最好提供一个警告用户的页面,并提供一个纯文本链接供他们点击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.