xtypebee / rietveld

Automatically exported from code.google.com/p/rietveld
Apache License 2.0
0 stars 0 forks source link

Redirect To HTTPS Middleware #419

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Since the introduction of RedirectToHTTPSMiddleware, it is no more possible to 
use rietveld without https.
I think this should be an option as appengine doesn't allow https on custom 
domain (without having his own certificate).
So why not use the secure configuration (app.yaml) instead of the middleware?

Original issue reported on code.google.com by cedric.krier@b2ck.com on 31 Jan 2013 at 6:12

GoogleCodeExporter commented 9 years ago
If you host it yourself, modify the code to remove this middleware. It's two 
lines to comment out in settings.py.

Original comment by maruel@chromium.org on 16 Oct 2013 at 4:54

GoogleCodeExporter commented 9 years ago
But I don't host my self the instance, I use appengine.
So now I have to edit the code after each update when there is a configuration 
option in appengine to have the same behavior. For me, it sounds very strange 
to not take advantage of the configuration option.

Original comment by cedric.krier@b2ck.com on 16 Oct 2013 at 5:06

GoogleCodeExporter commented 9 years ago
The reason for RedirectToHTTPSMiddleware is that it works on hosted domain 
without the custom SSL certificate, so you can have it redirect to 
<instance>.appspot.com first, and then have it upgraded to https. This is 
exactly your situation.

This exact redirect flow is not possible with app.yaml.

Original comment by maruel@chromium.org on 16 Oct 2013 at 5:25