2 new revisions:
Revision: 7389906aaf5f
Branch: default
Author: Marc-Antoine Ruel <
mar...@chromium.org>
Date: Tue Nov 20 06:40:56 2012
Log: Add HTTPS redirect and HSTS headers....
http://code.google.com/p/rietveld/source/detail?r=7389906aaf5f
Revision: 6b0723885b3e
Branch: chromium
Author: Marc-Antoine Ruel <
mar...@chromium.org>
Date: Tue Nov 20 06:41:33 2012
Log: Merge default @ 7389906aaf5f
http://code.google.com/p/rietveld/source/detail?r=6b0723885b3e
==============================================================================
Revision: 7389906aaf5f
Branch: default
Author: Marc-Antoine Ruel <
mar...@chromium.org>
Date: Tue Nov 20 06:40:56 2012
Log: Add HTTPS redirect and HSTS headers.
BUG=
https://code.google.com/p/chromium/issues/detail?id=158522
Review:
https://codereview.appspot.com/6844058/
Patch contributed by
iann...@chromium.org
http://code.google.com/p/rietveld/source/detail?r=7389906aaf5f
Modified:
/codereview/middleware.py
/settings.py
=======================================
--- /codereview/middleware.py Sun Jan 22 09:13:15 2012
+++ /codereview/middleware.py Tue Nov 20 06:40:56 2012
@@ -21,12 +21,28 @@
from google.appengine.runtime import DeadlineExceededError
from django.conf import settings
-from django.http import Http404, HttpResponse
+from django.http import Http404, HttpResponse,
HttpResponsePermanentRedirect
from django.template import Context, loader
from codereview import models
+class AddHSTSHeaderMiddleware(object):
+ """Add HTTP Strict Transport Security header."""
+
+ def process_request(self, request):
+ if not request.is_secure():
+ request_url = request.build_absolute_uri(request.get_full_path())
+ return HttpResponsePermanentRedirect(
+ request_url.replace('http://', 'https://'))
+
+ def process_response(self, request, response):
+ if request.is_secure():
+ response['Strict-Transport-Security'] = (
+ 'max-age=%d' % settings.HSTS_MAX_AGE)
+ return response
+
+
class AddUserToRequestMiddleware(object):
"""Add a user object and a user_is_admin flag to each request."""
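Review bot: `request_url.replace('http://', 'https://')` in process_request rewrites every occurrence of the scheme in the absolute URL, so a query parameter that itself carries an `http://` URL (a return link, a diff-base link) is silently altered along with the prefix; restrict it to the leading scheme with `request_url.replace('http://', 'https://', 1)`, or build it as `'https://' + request_url[len('http://'):]` after checking the prefix. The permanent redirect also applies to every method, so a POST arriving over plain http comes back as a GET, which is acceptable if the intent is to force clients onto https but deserves saying in the class docstring, e.g. `"""Redirect plain-http requests to https (any method) and add the Strict-Transport-Security header to secure responses."""`. The `from django.http import ...` line at the top of the hunk appears to have been wrapped onto two physical lines by the mailer; presumably it is one line in the file. The same middleware body recurs in the merge revision 6b0723885b3e hunk of /codereview/middleware.py, where the same fix applies.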
=======================================
--- /settings.py Thu Dec 8 13:10:16 2011
+++ /settings.py Tue Nov 20 06:40:56 2012
@@ -33,9 +33,11 @@
INSTALLED_APPS = (
'codereview',
)
+HSTS_MAX_AGE = 60*60*24*365 # 1 year in seconds.
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.middleware.http.ConditionalGetMiddleware',
+ 'codereview.middleware.AddHSTSHeaderMiddleware',
'codereview.middleware.AddUserToRequestMiddleware',
'codereview.middleware.PropagateExceptionMiddleware',
)
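Review bot: AddHSTSHeaderMiddleware is inserted after CommonMiddleware, whose process_request can itself issue a redirect when APPEND_SLASH or PREPEND_WWW is enabled; on a plain-http request that redirect fires first (process_request runs in tuple order), so the client follows it to another http URL and only then gets the https redirect, one more unencrypted round trip than needed. Listing `'codereview.middleware.AddHSTSHeaderMiddleware',` first in MIDDLEWARE_CLASSES lets the https redirect win while leaving process_response ordering unaffected for the header. The constant would also benefit from a comment on what it commits the site to, e.g. `HSTS_MAX_AGE = 60 * 60 * 24 * 365  # 1 year; browsers refuse plain http for this long, so shrink it well before https could ever be turned off.` The same two lines recur in the merge revision 6b0723885b3e hunk of /settings.py.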
==============================================================================
Revision: 6b0723885b3e
Branch: chromium
Author: Marc-Antoine Ruel <
mar...@chromium.org>
Date: Tue Nov 20 06:41:33 2012
Log: Merge default @ 7389906aaf5f
http://code.google.com/p/rietveld/source/detail?r=6b0723885b3e
Modified:
/codereview/middleware.py
/codereview/views.py
/settings.py
=======================================
--- /codereview/middleware.py Wed Aug 22 09:00:10 2012
+++ /codereview/middleware.py Tue Nov 20 06:41:33 2012
@@ -27,6 +27,22 @@
from codereview import models
+class AddHSTSHeaderMiddleware(object):
+ """Add HTTP Strict Transport Security header."""
+
+ def process_request(self, request):
+ if not request.is_secure():
+ request_url = request.build_absolute_uri(request.get_full_path())
+ return HttpResponsePermanentRedirect(
+ request_url.replace('http://', 'https://'))
+
+ def process_response(self, request, response):
+ if request.is_secure():
+ response['Strict-Transport-Security'] = (
+ 'max-age=%d' % settings.HSTS_MAX_AGE)
+ return response
+
+
class AddUserToRequestMiddleware(object):
"""Add a user object and a user_is_admin flag to each request."""
=======================================
--- /codereview/views.py Thu Nov 8 11:48:25 2012
+++ /codereview/views.py Tue Nov 20 06:41:33 2012
@@ -4087,6 +4087,13 @@
# As a workaround we try to decode the payload ourselves.
if payload.encoding == '8bit' and payload.charset:
body = payload.payload.decode(payload.charset)
+ # If neither encoding not charset is set, but payload contains
+ # non-ASCII chars we can't use payload.decode() because it returns
+ # payload.payload unmodified. The later type cast to db.Text fails
+ # with a UnicodeDecodeError then.
+ elif payload.encoding is None and payload.charset is None:
+ # assume utf-8 but set replace flag to go for sure.
+ body = payload.payload.decode('utf-8', 'replace')
else:
body = payload.decode()
break
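Review bot: The comment above the new elif branch reads `# If neither encoding not charset is set, but payload contains` — `not` should be `nor`, and `The later type cast to db.Text fails` reads more clearly as `The later cast to db.Text then fails`. The branch comment `# assume utf-8 but set replace flag to go for sure.` should state what the flag trades away, e.g. `# Assume utf-8; 'replace' substitutes U+FFFD for undecodable bytes instead of raising, so a wrong guess is lossy but never fatal.` The enclosing function starts and ends outside this hunk.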
=======================================
--- /settings.py Thu Aug 23 12:18:50 2012
+++ /settings.py Tue Nov 20 06:41:33 2012
@@ -38,9 +38,11 @@
INSTALLED_APPS = (
'codereview',
)
+HSTS_MAX_AGE = 60*60*24*365 # 1 year in seconds.
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.middleware.http.ConditionalGetMiddleware',
+ 'codereview.middleware.AddHSTSHeaderMiddleware',
'codereview.middleware.AddUserToRequestMiddleware',
'codereview.middleware.PropagateExceptionMiddleware',
# TODO: figure how/when to re-enable these redirects.