Pyramid debug toolbar serving static content over HTTP instead of HTTPS

问题

On our test servers, we're using the Pyramid debug toolbar, however, it generates http:// links to static content (like its CSS and JavaScript files), while the rest of the content is served over HTTPS. This causes mixed content warnings, and it breaks all functionality. Is there a way to force it to generate HTTPS links?

I know it's possible to enable mixed content in Chrome, and this works, but it's not a feasible solution for the entire QA team.

回答1:

There might be better/simpler ways to achieve this, but one thing you can do to achieve this add the _scheme='https' parameter to each call to request.static_url().

For that you can of course edit pyramid/url.py, but you can also do this in your projects' __init__.py:

from pyramid.url import URLMethodsMixin

URLMethodsMixin.static_url_org = URLMethodsMixin.static_url  # backup of original

def https_static_url(self, *args, **kw):
    kw['_scheme'] = 'https'  # add parameter forcing https
    return URLMethodsMixin.static_url_org(self, *args, **kw)  # call backup

URLMethodsMixin.static_url = https_static_url  # replace original with backup

Parameters for static_url works like route_url. From the documentation:

Note that if _scheme is passed as https, and _port is not passed, the _port value is assumed to have been passed as 443. Likewise, if _scheme is passed as http and _port is not passed, the _port value is assumed to have been passed as 80. To avoid this behavior, always explicitly pass _port whenever you pass _scheme. Setting '_scheme' automatically forces port 443

回答2:

Usually you signal your web server to use HTTPS instead of HTTP by passing through X-Forwarded-Proto HTTP header.

Example from Nginx:

    proxy_set_header X-Forwarded-Proto $scheme;

However, this is not standard and may depend on your web server configuration. Here is full example for Nginx + uWSGI:

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Forwarded-Proto $scheme;

    uwsgi_pass 127.0.0.1:8001;
    uwsgi_param UWSGI_SCHEME https;
    uwsgi_pass_header X_FORWARDED_PROTO;
    uwsgi_pass_header X_REAL_IP;

See how WebOb (underlying Request for Pyramid) reconstructs URL from given HTTP headers.

来源：https://stackoverflow.com/questions/39033106/pyramid-debug-toolbar-serving-static-content-over-http-instead-of-https