> We could just use the value of public_url and force the WSGI app
> environment to match.  I've been resisting that because I don't want to
> accidentally create security problems, e.g. convincing the app it's on
> HTTPS when it's really HTTP.
> 
> But, maybe we can add a config flag like "force_wsgi_environ" that would
> enable this behaviour, and just take public_url as the source of all truth.

Probably such a brutal override would work, but a) it would make it rather
easy to shoot yourself in the foot (security-wise), and b) even worse,
IMHO it would make debugging hard, if the server didn't complain anymore
(remember, this was the only useful message I got in the first place).

Perhaps a more elegant solution would be an option to set the header(s)
it should use instead of i.e. Host: for the (wsgi?)-environment.

Thanks for your help!
  Jonathan

_______________________________________________
Sync-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/sync-dev
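
One way the header option suggested in the message above could look, as an added example that is not part of the original thread and not the project's own code. The names `PublicUrlGuard`, `host_header` and `scheme_header`, the host `sync.example.com` and the sample request are hypothetical; the middleware reads scheme and host from operator-chosen headers and still fails loudly when they disagree with `public_url`.

```python
import logging
from urllib.parse import urlsplit

log = logging.getLogger("public_url_guard")


class PublicUrlGuard:
    """Hypothetical WSGI middleware (assumption, not the project's code)."""

    def __init__(self, app, public_url, host_header="HTTP_HOST", scheme_header=None):
        # Only name a forwarded header here if a trusted proxy overwrites it;
        # otherwise any client could supply the value.
        parts = urlsplit(public_url)
        self.app = app
        self.expected = (parts.scheme.lower(), parts.netloc.lower())
        self.host_header = host_header
        self.scheme_header = scheme_header

    def observed(self, environ):
        scheme = environ.get("wsgi.url_scheme", "http")
        if self.scheme_header:
            # A missing header falls back to the real scheme, never to public_url.
            scheme = environ.get(self.scheme_header, scheme)
        return scheme.lower(), environ.get(self.host_header, "").lower()

    def __call__(self, environ, start_response):
        seen = self.observed(environ)
        if seen != self.expected:
            # Keep complaining instead of overriding silently.
            log.warning("public_url is %s://%s but request looks like %s://%s",
                        *self.expected, *seen)
            start_response("500 Internal Server Error", [("Content-Type", "text/plain")])
            return [b"public_url does not match the request environment\n"]
        environ["wsgi.url_scheme"], environ["HTTP_HOST"] = seen
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("%s://%s" % (environ["wsgi.url_scheme"], environ["HTTP_HOST"])).encode()]


def call(app, environ):
    """Run one request through a WSGI app; return (status, body)."""
    seen = {}
    body = b"".join(app(dict(environ), lambda status, headers: seen.update(status=status)))
    return seen["status"], body


# Constructed sample: what the app sees behind a TLS-terminating reverse proxy.
PROXIED = {"wsgi.url_scheme": "http", "HTTP_HOST": "localhost:5000",
           "HTTP_X_FORWARDED_HOST": "sync.example.com", "HTTP_X_FORWARDED_PROTO": "https"}
```

With the forwarded headers configured, the proxied request passes and the app sees the public scheme and host; with the defaults, or when the proxy omits the scheme header, the mismatch is still reported.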
