I have been testing a few things out regarding securing pages (and
unsecuring them).
Problem
My qp-based app has a mix of pages that need to be secured and those
that don't. Secured in this case simply means https and not necessarily
logged in - i.e. user can be anonymous. Usually if the pages that do not
require securing get secured as a result of the scheme change to https
it does not matter. However, I have some pages that have large content
levels and they do not need to be secured, nor should they be, for
performance reasons. In fact I always want them to be unsecured.
Solution
Create the following new / updated methods on the site's Publisher class:
## code start
+ def unsecure(self):
+ ''' If the scheme is not http,
+ then redirect so that it will be.
+ '''
+
+ if get_request().get_scheme() == 'https':
+ self.redirect( self.complete_url('', unsecure=True) )
def complete_url(self, path, secure=False, unsecure=False):
"""(path:str, secure:bool=False) -> str
Turn path into a complete url to this publisher, changing the
scheme to https if secure is True.
+ And likewise changing the scheme to http if unsecure is True.
+ If both secure and unsecure are true then the page will be
secured - fail safe.
"""
s = str(path)
if not secure and s.startswith('http://'):
return s
if not unsecure and s.startswith('https://'):
return s
if secure:
host, port = self.get_site().get_https_address()
if not host:
host = get_request().get_server().split(':')[0]
if port == 443:
address = str(host)
else:
address = "%s:%s" % (host, port)
base = 'https://%s%s' % (address,
get_request().get_path_query())
+ elif unsecure:
+ host, port = self.get_site().get_http_address()
+ if not host:
+ host = get_request().get_server().split(':')[0]
+ if port == 80:
+ address = str(host)
+ else:
+ address = "%s:%s" % (host, port)
+ base = 'http://%s%s' % (address,
+ get_request().get_path_query())
else:
base = get_request().get_url()
return urljoin(base, self.complete_path(s))
## code end
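Review bot: In the new "elif unsecure:" branch of complete_url, the http base is built from get_request().get_path_query(), so the redirect issued by unsecure() repeats the full path and query string of the https request in cleartext. Call unsecure() only on pages whose URLs carry no sensitive parameters, and check that any cookie set on the secured pages is marked Secure so it is not sent with the downgraded request. The same branch falls back to get_request().get_server().split(':')[0] when get_http_address() returns no host; if get_server() reflects the request's Host header, the redirect target is then chosen by the client, so configuring an explicit http address, or declining to redirect without one, would be safer. The two early returns do not cover every combination: with unsecure=True and a path that already starts with 'https://', neither fires and the result depends on how complete_path and urljoin treat an absolute URL, so that case deserves a test. The elif block repeats the "if secure:" block apart from the scheme, the default port and the address getter; a small shared helper would keep the two from drifting apart. The unsecure() docstring says "If the scheme is not http" while the code tests == 'https'; one of the two should change.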
Is this the right way to solve this problem?
Tristan