Pyramid 调试工具栏通过 HTTP 而不是 HTTPS 提供静态内容

Pyramid debug toolbar serving static content over HTTP instead of HTTPS

在我们的测试服务器上,我们使用 Pyramid debug toolbar,但是,它会生成 http:// 指向静态内容的链接(比如它的 CSS 和 JavaScript 文件) ,而其余​​内容则通过 HTTPS 提供。这会导致混合内容警告,并破坏所有功能。有没有办法强制它生成 HTTPS 链接?

我知道可以在 Chrome 中启用混合内容,这很有效,但对于整个 QA 团队来说,这不是一个可行的解决方案。

可能有 better/simpler 种方法可以实现这一点,但您可以做一件事来实现这一点,即在每次调用 request.static_url().

时添加 _scheme='https' 参数

为此你当然可以编辑 pyramid/url.py,但你也可以在你的项目中这样做 __init__.py:

from pyramid.url import URLMethodsMixin

URLMethodsMixin.static_url_org = URLMethodsMixin.static_url  # backup of original

def https_static_url(self, *args, **kw):
    kw['_scheme'] = 'https'  # add parameter forcing https
    return URLMethodsMixin.static_url_org(self, *args, **kw)  # call backup

URLMethodsMixin.static_url = https_static_url  # replace original with backup

static_url 的参数与 route_url 类似。来自文档:

Note that if _scheme is passed as https, and _port is not passed, the _port value is assumed to have been passed as 443. Likewise, if _scheme is passed as http and _port is not passed, the _port value is assumed to have been passed as 80. To avoid this behavior, always explicitly pass _port whenever you pass _scheme. Setting '_scheme' automatically forces port 443

通常,您通过 X-Forwarded-Proto HTTP header.

向您的 Web 服务器发出信号以使用 HTTPS 而不是 HTTP

来自 Nginx 的示例:

    proxy_set_header X-Forwarded-Proto $scheme;

但是,这不是标准的,可能取决于您的网络服务器配置。这是 Nginx + uWSGI 的完整示例:

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Proto $scheme;

    uwsgi_pass 127.0.0.1:8001;
    uwsgi_param UWSGI_SCHEME https;
    uwsgi_pass_header X_FORWARDED_PROTO;
    uwsgi_pass_header X_REAL_IP;

See how WebOb (underlying Request for Pyramid) reconstructs URL from given HTTP headers.

You can add url_scheme param to your configuration file (separated by environment) like that:

[server:main]
use = egg:waitress#main
host = 0.0.0.0
port = 6500
url_scheme = https