On Jul 1, 2011, at 7:09 AM, Ross Peoples wrote:
> Since I want to make sure that my application is as secure as possible, I
> wanted to force all traffic to use HTTPS. At the bottom of my db.py, I have
> this:
>
> ############ FORCED SSL #############
> session.secure()
> if not request.is_https:
>     redirect('https://%s/%s' % (request.env.http_host, request.application))
> #####################################
>
> It works great, secures the cookie, and redirects the user to the HTTPS
> version of the site since session.secure() does not do this by itself. There
> is one major problem with this, however, and that is that if I try to run a
> script from cron, the script fails with a gluon.http.HTTP: 303 error due to
> the fact that the script isn't using HTTPS.
>
> So is there a way to tell if a request is from a cron script? Or is there a
> better way to do the forced SSL connections? Thanks.

global_settings.cronjob is a boolean indicating just that. I added it a while
back while cleaning up some aspects of cron handling, so it should be present
in any of the relatively recent versions.

BTW, you can use URL() in a case like this if you like. Just add scheme='https'
and URL will do its normal thing, but create an absolute URL as required. The
rest of its functionality (a/c/f/args?vars and the like) works normally.
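
The two suggestions in the reply, applied to the snippet from the question, as an added example that is not part of the original thread. `force_https` is a hypothetical helper name, and `Redirected`, `fake_redirect`, `fake_URL` and `run` are constructed stand-ins so the logic runs outside web2py; in a model file the real `request`, `session`, `redirect` and `URL` globals would be passed, with `global_settings` imported from `gluon.settings`. Passing `args` and `vars` so the redirect keeps the requested page is a choice made here.

```python
from types import SimpleNamespace


def force_https(request, session, global_settings, redirect, URL):
    """Secure the session cookie and send plain-HTTP web requests to HTTPS.

    Cron runs are skipped: they have no browser to redirect, and the 303
    raised by redirect() is what made the cron script fail.
    """
    session.secure()
    if getattr(global_settings, 'cronjob', False):
        return 'cron'
    if request.is_https:
        return 'https'
    # scheme='https' makes URL() return an absolute https:// URL
    redirect(URL(args=request.args, vars=request.get_vars, scheme='https'))


# ---- constructed stand-ins (assumptions, not web2py code) ----
class Redirected(Exception):
    """Plays the role of the HTTP 303 that web2py's redirect() raises."""


def fake_redirect(location):
    raise Redirected(location)


def fake_URL(args=None, vars=None, scheme=None):
    # The real URL() builds a/c/f/args?vars itself; this returns a fixed path.
    return '%s://example.test/app/default/index' % scheme


def run(is_https, cronjob):
    """Return the branch taken, or the redirect target if one was issued."""
    session = SimpleNamespace(secured=False)
    session.secure = lambda: setattr(session, 'secured', True)
    request = SimpleNamespace(is_https=is_https, args=[], get_vars={})
    settings = SimpleNamespace(cronjob=cronjob)
    try:
        return force_https(request, session, settings, fake_redirect, fake_URL)
    except Redirected as exc:
        return str(exc)
```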