Cesura / pastey

A minimal, self-hosted paste platform
https://pastey.link/
BSD 3-Clause "New" or "Revised" License

cli returns url without looking at forwarded protocol #10

Closed srgvg closed 3 years ago

srgvg commented 3 years ago
➞  grep PASTEY_ENDPOINT ~/bin/pastey
PASTEY_ENDPOINT="https://pastebin.autops.eu/raw

➞  echo test | pastey
http://pastebin.xxxxx.yyy/view/91dca211-c7af-4b7f-ac81-2be6b8c59ed5

So the returned URL does not have https. I'm using ingress-nginx on k8s as a reverse proxy, which yields all needed headers for this.

Cesura commented 3 years ago

Are you using 0.3.x or 0.4? I have the exact same setup, and after SSL termination the pod was receiving "http://" in request.url, so I added an option in the latest version to override this behavior.

https://github.com/Cesura/pastey/blob/cafbb2d8fecbcef1f284869373214675467b8a64/pastey/config.py#L57

PASTEY_FORCE_HTTPS_LINKS="True"

srgvg commented 3 years ago

Currently on 0.3.1.

From a wiredump:

POST /raw HTTP/1.1
Host: pastebin.xxxxx.yyyy
X-Request-ID: 9b0d2cf08318a18a45e4d09315e3874b
X-Real-IP: 10.1.2.3
X-Forwarded-For: 10.1.2.3
X-Forwarded-Host: pastebin.xxxx.yyy
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Scheme: https
Content-Length: 4
user-agent: curl/7.74.0
accept: */*
content-type: text/plain

testHTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 67
Server: Werkzeug/1.0.1 Python/3.6.9
Date: Fri, 16 Apr 2021 13:45:20 GMT

http://pastebin.xxxxx.yyy/view/806b52a1-7911-4a2d-8365-0be0e37fdcf2

I have PASTEY_BEHIND_PROXY=True. I see in pastey.common.get_source_ip you only use that for the client IP, but not for the protocol.

X-Forwarded-Port: 443 and X-Forwarded-Proto: https is what you want to take into account in pastey.common.build_url

srgvg commented 3 years ago

Just tested 0.4 and that works for now.

Cesura commented 3 years ago

Thanks for the info, fixed in: https://github.com/Cesura/pastey/blob/7e68faf27ff76e60ad3b80317732684abb164197/pastey/common.py#L94
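
The scheme selection discussed in this thread, as an added example that is not pastey's code and not part of the original issue: X-Forwarded-Proto is honoured only when the operator has declared a trusted proxy, and only if it carries a known scheme. The function and parameter names are hypothetical; `behind_proxy` and `force_https` stand in for the PASTEY_BEHIND_PROXY and PASTEY_FORCE_HTTPS_LINKS settings mentioned above, and the sample headers are constructed.

```python
# Added example; names are hypothetical and this is not pastey's implementation.
ALLOWED_SCHEMES = {"http", "https"}


def external_scheme(headers, wire_scheme, behind_proxy=False, force_https=False):
    """Return the scheme that generated links should carry."""
    if force_https:
        # Operator override: always emit https links.
        return "https"
    if not behind_proxy:
        # Directly exposed: X-Forwarded-* is client-controlled, so ignore it.
        return wire_scheme
    # Header names are case-insensitive on the wire.
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("x-forwarded-proto", "")
    # Chained proxies may append values; the last entry was written by the
    # proxy closest to the application (assumes exactly one trusted hop).
    candidate = raw.split(",")[-1].strip().lower()
    # Anything other than a known scheme falls back to what the socket saw.
    return candidate if candidate in ALLOWED_SCHEMES else wire_scheme


def build_paste_url(headers, wire_scheme, host, paste_id, **opts):
    """Build the link returned to the client for a stored paste."""
    scheme = external_scheme(headers, wire_scheme, **opts)
    return f"{scheme}://{host}/view/{paste_id}"


# Constructed sample modelled on the wire dump in this thread.
SAMPLE_HOST = "pastebin.example.test"
SAMPLE_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_HEADERS = {
    "Host": SAMPLE_HOST,
    "X-Forwarded-Port": "443",
    "X-Forwarded-Proto": "https",
}

if __name__ == "__main__":
    # After TLS termination the application itself only sees plain http.
    for behind_proxy in (False, True):
        url = build_paste_url(SAMPLE_HEADERS, "http", SAMPLE_HOST, SAMPLE_ID,
                              behind_proxy=behind_proxy)
        print(f"behind_proxy={behind_proxy}: {url}")
```
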