Diffstat (limited to 'rpki/gui/decorators.py')
-rw-r--r--rpki/gui/decorators.py24
1 files changed, 15 insertions, 9 deletions
diff --git a/rpki/gui/decorators.py b/rpki/gui/decorators.py
index b5c52afb..75efeae0 100644
--- a/rpki/gui/decorators.py
+++ b/rpki/gui/decorators.py
@@ -15,18 +15,24 @@
__version__ = '$Id$'
from django import http
-from django.conf import settings
+from os import getenv
-def tls_required(f):
- """Decorator which returns a 500 error if the connection is not secured
- with TLS (https).
+# Don't set this in production, ever. Really. You have been warned.
+#
+_allow_plain_http_for_testing = getenv("ALLOW_PLAIN_HTTP_FOR_TESTING") == "I solemnly swear that I am not running this in production"
+
+def tls_required(f):
+ """
+ Decorator which returns a 500 error if the connection is not
+ secured with TLS (https).
"""
+
def _tls_required(request, *args, **kwargs):
- if settings.DEBUG or request.is_secure():
- return f(request, *args, **kwargs)
- return http.HttpResponseServerError(
- 'This resource may only be accessed securely via https',
- content_type='text/plain')
+ if not request.is_secure() and not _allow_plain_http_for_testing:
+ return http.HttpResponseServerError(
+ 'This resource may only be accessed securely via https',
+ content_type='text/plain')
+ return f(request, *args, **kwargs)
return _tls_required
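Review bot: When `ALLOW_PLAIN_HTTP_FOR_TESTING` matches the expected string, `_tls_required` lets every plain-HTTP request through and nothing records that enforcement is off, so a deployment that inherits the variable from its environment loses the check silently. The flag is evaluated once at import, which makes that the natural place to report it: `if _allow_plain_http_for_testing: logging.getLogger(__name__).warning("tls_required: TLS check disabled by ALLOW_PLAIN_HTTP_FOR_TESTING")`, with `import logging` added next to the `getenv` import. The comment above the assignment warns against setting "this" without saying what it does; I would make it state the effect, e.g. `# When set, tls_required() serves views over plain http; never set in production.` Because the value is fixed at import time, changing the variable later has no effect until the process restarts, which is worth a word in the same comment.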