[Django] #29033: Sitemap framework does not properly detect secure requests

Django

Jan 17, 2018, 4:27:16 PM
to django-...@googlegroups.com
#29033: Sitemap framework does not properly detect secure requests
--------------------------------------------+------------------------
Reporter: Matt Magin | Owner: nobody
Type: Bug | Status: new
Component: contrib.sitemaps | Version: 2.0
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
--------------------------------------------+------------------------
Django settings provide the option of overriding the detected protocol by
setting SECURE_PROXY_SSL_HEADER; however, contrib.sitemaps just defaults to
'http' if the protocol in the Sitemap class is not overridden.

Ideally contrib.sitemaps would use the request.is_secure() method to
detect the protocol in the request and default to that instead.

I would be happy to provide a patch but I feel some discussion is
required. The sitemap.xml views are easily fixed, however complexity is
added when updating the defaults in get_urls on the Sitemap object as it
doesn't have access to the request object.

--
Ticket URL: <https://code.djangoproject.com/ticket/29033>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Jan 17, 2018, 10:52:45 PM
to django-...@googlegroups.com
#29033: Sitemap framework does not properly detect secure requests
----------------------------------+--------------------------------------
Reporter: Matt Magin | Owner: nobody
Type: Bug | Status: new
Component: contrib.sitemaps | Version: 2.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------+--------------------------------------

Comment (by Tim Graham):

Generally, discussion happens more readily on the DevelopersMailingList,
so consider posting there and adding a link to the discussion here.

--
Ticket URL: <https://code.djangoproject.com/ticket/29033#comment:1>

Django

Jan 29, 2018, 9:52:56 AM
to django-...@googlegroups.com
#29033: Sitemap framework does not properly detect secure requests
----------------------------------+--------------------------------------
Reporter: Matt Magin | Owner: nobody
Type: Bug | Status: closed
Component: contrib.sitemaps | Version: 2.0
Severity: Normal | Resolution: needsinfo
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------+--------------------------------------
Changes (by Tim Graham):

* status: new => closed
* resolution: => needsinfo


Comment:

It looks to me like the `contrib.sitemaps.index()` and `sitemap()` views
already use `request.scheme`. It's not clear to me what further
enhancements could be made.

--
Ticket URL: <https://code.djangoproject.com/ticket/29033#comment:2>
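
The protocol resolution discussed in this thread, as a simplified stand-alone model added here for illustration; it is not Django's source and not code from the ticket. The function names, the header value and the sample paths are assumptions, and the fallback order follows what the reporter and the reply describe for version 2.0.

```python
# Simplified stand-in for the behaviour discussed in the thread; not Django source.
# All names and sample values below are hypothetical / constructed.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")  # constructed setting


def request_scheme(meta, wire_scheme, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Scheme the request reports: configured proxy header first, else the wire scheme."""
    if proxy_header:
        name, secure_value = proxy_header
        if meta.get(name) == secure_value:
            return "https"
    return wire_scheme


def sitemap_protocol(class_protocol=None, passed_protocol=None):
    """Class attribute wins, then the caller's value, then the 'http' fallback."""
    if class_protocol is not None:
        return class_protocol
    if passed_protocol is not None:
        return passed_protocol
    return "http"


def build_urls(paths, domain, class_protocol=None, passed_protocol=None):
    """Absolute sitemap URLs for the given paths under the resolved protocol."""
    proto = sitemap_protocol(class_protocol, passed_protocol)
    return [f"{proto}://{domain}{path}" for path in paths]


def downgraded(urls, scheme):
    """Audit helper: sitemap URLs whose scheme differs from the one the site serves."""
    return [u for u in urls if not u.startswith(scheme + "://")]


# Constructed request: TLS ends at a proxy, so the app server sees plain http.
META = {"HTTP_X_FORWARDED_PROTO": "https"}
PATHS = ["/", "/about/"]
scheme = request_scheme(META, wire_scheme="http")

via_view = build_urls(PATHS, "example.com", passed_protocol=scheme)  # view passes scheme
no_request = build_urls(PATHS, "example.com")                        # no request available
pinned = build_urls(PATHS, "example.com", class_protocol="https")    # class override

if __name__ == "__main__":
    for label, urls in (("view", via_view), ("no request", no_request), ("pinned", pinned)):
        print(label, urls, "mismatched:", downgraded(urls, scheme))
```

In this model only the call made without a request falls back to http; the other two paths emit https URLs that match the scheme the proxy reports.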
