--- hub/httpd.conf | 6 ++---- www/conf/kojiweb.conf | 6 ++---- 2 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/hub/httpd.conf b/hub/httpd.conf index 5ecfb09..0463cd1 100644 --- a/hub/httpd.conf +++ b/hub/httpd.conf @@ -7,8 +7,7 @@ Alias /kojihub /usr/share/koji-hub/kojixmlrpc.py <Directory "/usr/share/koji-hub"> Options ExecCGI SetHandler wsgi-script - Order allow,deny - Allow from all + Require all granted </Directory>
# Support for mod_python is DEPRECATED. If you still need mod_python support, @@ -28,8 +27,7 @@ Alias /kojifiles "/mnt/koji/" <Directory "/mnt/koji"> Options Indexes AllowOverride None - Order allow,deny - Allow from all + Require all granted </Directory>
# uncomment this to enable authentication via SSL client certificates diff --git a/www/conf/kojiweb.conf b/www/conf/kojiweb.conf index cb75fba..78ed579 100644 --- a/www/conf/kojiweb.conf +++ b/www/conf/kojiweb.conf @@ -5,8 +5,7 @@ Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py" <Directory "/usr/share/koji-web/scripts/"> Options ExecCGI SetHandler wsgi-script - Order allow,deny - Allow from all + Require all granted </Directory>
# Support for mod_python is DEPRECATED. If you still need mod_python support, @@ -51,6 +50,5 @@ Alias /koji-static/ "/usr/share/koji-web/static/" <Directory "/usr/share/koji-web/static/"> Options None AllowOverride None - Order allow,deny - Allow from all + Require all granted </Directory>
--- koji/auth.py | 3 +++ www/kojiweb/index.py | 7 +++++++ 2 files changed, 10 insertions(+)
diff --git a/koji/auth.py b/koji/auth.py index e1a9c46..27a537d 100644 --- a/koji/auth.py +++ b/koji/auth.py @@ -372,6 +372,9 @@ class Session(object): if self.logged_in: raise koji.AuthError, "Already logged in"
+ if contect.environ.get('wsgi.url_scheme') == 'https': + context.environ['HTTPS'] = '1' + if context.environ.get('HTTPS') not in ['on', '1']: raise koji.AuthError, 'cannot call sslLogin() via a non-https connection'
diff --git a/www/kojiweb/index.py b/www/kojiweb/index.py index 0505c9c..6533746 100644 --- a/www/kojiweb/index.py +++ b/www/kojiweb/index.py @@ -176,6 +176,10 @@ def _construct_url(environ, page): port = environ['SERVER_PORT'] host = environ['SERVER_NAME'] url_scheme = 'http' + + if environ.get('wsgi.url_scheme') == 'https': + environ['HTTPS'] == '1' + if environ.get('HTTPS') in ('on','yes','1'): url_scheme = 'https' if (url_scheme == 'https' and port == '443') or \ @@ -219,6 +223,9 @@ def login(environ, page=None): session = _getServer(environ) options = environ['koji.options']
+ if environ.get('wsgi.url_scheme') == 'https': + environ['HTTPS'] = '1' + # try SSL first, fall back to Kerberos if options['WebCert']: if environ.get('HTTPS') not in ['on', 'yes', '1']:
Like Michael I failed trying to get my koji instance running on F18. My patch for the wsgi issue is slightly different so that it doesn't break older mod_python installations (I hope ;))
- Felix
On 03/22/2013 06:14 PM, Felix Kaechele wrote:
Like Michael I failed trying to get my koji instance running on F18. My patch for the wsgi issue is slightly different so that it doesn't break older mod_python installations (I hope ;))
Unnecessary. The url_scheme variable has been around since the inception of WSGI and as noted in the link in my email koji should have been using the variable to begin with to be WSGI-compliant.
Michael Cronenworth wrote:
Unnecessary. The url_scheme variable has been around since the inception of WSGI and as noted in the link in my email koji should have been using the variable to begin with to be WSGI-compliant.
Oh, I didn't know that. So then your patches make more sense now than mine. Thanks for the heads up!
- Felix
buildsys@lists.fedoraproject.org