diff options
| -rw-r--r-- | thatcomputerscientist/settings.py | 1 | ||||
| -rw-r--r-- | thatcomputerscientist/templatetags/subdomainurls.py | 6 | ||||
| -rw-r--r-- | users/views.py | 3 |
3 files changed, 7 insertions, 3 deletions
diff --git a/thatcomputerscientist/settings.py b/thatcomputerscientist/settings.py index d0188ea6..35284fe0 100644 --- a/thatcomputerscientist/settings.py +++ b/thatcomputerscientist/settings.py @@ -35,6 +35,7 @@ HOSTS = [".vcap.me"] if os.getenv('ENVIRONMENT') == 'development' else [".thatco CSRF_TRUSTED_ORIGINS = ['http://*.localhost', 'https://*.thatcomputerscientist.com', 'https://*.thatcomputerscientist.fly.dev/', 'http://*.vcap.me'] SESSION_COOKIE_DOMAIN = ".vcap.me" if os.getenv('ENVIRONMENT') == 'development' else ".thatcomputerscientist.com" DOMAIN_NAME = "vcap.me" if os.getenv('ENVIRONMENT') == 'development' else "thatcomputerscientist.com" +SECURE_SSL_REDIRECT = False if os.getenv('ENVIRONMENT') == 'development' else True # Application definition diff --git a/thatcomputerscientist/templatetags/subdomainurls.py b/thatcomputerscientist/templatetags/subdomainurls.py index cb7b2554..fa8af0b0 100644 --- a/thatcomputerscientist/templatetags/subdomainurls.py +++ b/thatcomputerscientist/templatetags/subdomainurls.py @@ -13,14 +13,16 @@ def subdomain_url(view_name, subdomain = None, referrer = None, *args, **kwargs) return reverse(view_name, args=args, kwargs=kwargs) if referrer: - return '//{}{}{}?referrer={}'.format( + return '{}://{}{}{}?referrer={}'.format( + 'https' if settings.SECURE_SSL_REDIRECT else 'http', subdomain, settings.HOSTS[0], reverse(view_name, args=args, kwargs=kwargs), referrer ) - return '//{}{}{}'.format( + return '{}://{}{}{}'.format( + 'https' if settings.SECURE_SSL_REDIRECT else 'http', subdomain, settings.HOSTS[0], reverse(view_name, args=args, kwargs=kwargs) diff --git a/users/views.py b/users/views.py index 5a7757a4..b0c2126e 100644 --- a/users/views.py +++ b/users/views.py @@ -20,7 +20,8 @@ def get_ref(request): try: referrer = request.META.get('QUERY_STRING').split('referrer=')[1] except: - referrer = request.META.get('HTTP_REFERER') + # Raise a unauthorized error if the referrer is not set + return HttpResponse('Unauthorized', status=401) if '?' in referrer: referrer = referrer.split('?')[0] return referrer |