On Jul 1, 2011, at 7:09 AM, Ross Peoples wrote: > Since I want to make sure that my application is as secure as possible, I > wanted to force all traffic to use HTTPS. At the bottom of my db.py, I have > this: > > ############ FORCED SSL ############# > session.secure() > if not request.is_https: > redirect('https://%s/%s' % (request.env.http_host, request.application)) > ##################################### > > It works great, secures the cookie, and redirects the user to the HTTPS > version of the site since session.secure() does not do this by itself. There > is one major problem with this, however, and that is that if I try to run a > script from cron, the script fails with a gluon.http.HTTP: 303 error due to > the fact that the script isn't using HTTPS. > > So is there a way to tell if a request is from a cron script? Or is there a > better way to do the forced SSL connections? Thanks.
global_settings.cronjob is a boolean indicating just that. I added it a while back while cleaning up some aspects of cron handling, so it should be present in any of the relatively recent versions. BTW, you can use URL() in a case like this if you like. Just add scheme='https' and URL will do its normal thing, but create an absolute URL as required. The rest of its functionality (a/c/f/args?vars and the like) work normally.