diff options
Diffstat (limited to 'rpki/gui/decorators.py')
| -rw-r--r-- | rpki/gui/decorators.py | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/rpki/gui/decorators.py b/rpki/gui/decorators.py index ed10f3d9..d197acff 100644 --- a/rpki/gui/decorators.py +++ b/rpki/gui/decorators.py @@ -15,15 +15,23 @@ __version__ = '$Id$' from django import http +from os import getenv + + +# Don't set this in production, ever. Really. You have been warned. +# +_allow_plain_http_for_testing = getenv("ALLOW_PLAIN_HTTP_FOR_TESTING") == "I solemnly swear that I am not running this in production" def tls_required(f): - """Decorator which returns a 500 error if the connection is not secured - with TLS (https). + """ + Decorator which returns a 500 error if the connection is not + secured with TLS (https). + """ """ def _tls_required(request, *args, **kwargs): - if not request.is_secure(): + if not request.is_secure() and not _allow_plain_http_for_testing: return http.HttpResponseServerError( 'This resource may only be accessed securely via https', content_type='text/plain') |