From 1d1e588d57017df03b70ccb7440c45f522f2e379 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sybren=20A=2E=20St=C3=BCvel?=
Date: Tue, 12 Dec 2017 10:56:34 +0100
Subject: [PATCH] Switch: Always follow PREFERRED_URL_SCHEME instead of the request scheme
When getting an _external=True URL, we shouldn't use the scheme of the current request at all (this depends on HaProxy forwarding the correct headers, which might fail when misconfigured) and just always use the preferred URL scheme. This fixes it at least for the user switching, because Blender ID will refuse to redirect back to a http:// URL.
---
 pillar/web/users/routes.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/pillar/web/users/routes.py b/pillar/web/users/routes.py
index 713e5ffc..dd04bb34 100644
--- a/pillar/web/users/routes.py
+++ b/pillar/web/users/routes.py
@@ -5,6 +5,7 @@ from flask import abort, Blueprint, redirect, render_template, request, session,
 from flask_login import login_required
 from werkzeug import exceptions as wz_exceptions
+from pillar import current_app
 import pillar.api.blender_cloud.subscription
 import pillar.auth
 from pillar.api.blender_cloud.subscription import update_subscription
@@ -16,6 +17,7 @@ from pillar.auth.oauth import OAuthSignIn, ProviderConfigurationMissing, Provide
 from pillar.web import system_util
 from pillarsdk import exceptions as sdk_exceptions
 from pillarsdk.users import User
+
 from . import forms
 log = logging.getLogger(__name__)
@@ -121,9 +123,11 @@ def switch():
 # Without this URL, the user will remain on the Blender ID site. We want them to come
 # back to the Cloud after switching users.
+ scheme = current_app.config.get('PREFERRED_URL_SCHEME', 'https')
 next_url_after_bid_login = url_for('users.login',
 next=next_url_after_cloud_login,
 force='yes',
+ _scheme=scheme,
 _external=True)
 return redirect(blender_id.switch_user_url(next_url=next_url_after_bid_login))
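Review bot: The `url_for('users.login', ..., _external=True)` call in the `switch()` hunk now pins the scheme, but the host of the URL handed to Blender ID is still taken from the request unless `SERVER_NAME` is configured, so the proxy-header dependency described in the commit message remains for the host part; whether `SERVER_NAME` is set is not visible here. The `'https'` fallback in `current_app.config.get('PREFERRED_URL_SCHEME', 'https')` is probably never reached, because a Flask config normally already carries that key with the default `'http'`, so a deployment that omits the setting would still build `http://` return URLs. I would read it as `scheme = current_app.config['PREFERRED_URL_SCHEME']` with a comment such as `# Pinned from config: the request scheme depends on the proxy forwarding the right headers`, and log a warning at startup when the value is not `https`. `switch()` begins above the hunk, so how `next_url_after_cloud_login` is validated before it is embedded as `next=` cannot be checked from these lines.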