Hi I have a little Flask app running now. It's hosted on Webfaction who use an Apache + Nginx combo. I have switched the app to https and now my limited experience has kicked in with a vengeance yet again! I have one page of my app that does not require login and it is displaying fine at https://myapp.com My login route/view which used to work fine was at /login When I log in now tho I am getting an nginx 405 error. I think what is happening is that the login is posting to http://myapp.com/login and not https://myapp.com/login So do I need to do something in my Flask app code or is this an apache rewrite http conf? Could anyone help? Puzzled AL
How are you writing the links in your application ? On 28 October 2010 10:27, Alasdair Macmillan <al@atomised.coop> wrote: > Hi > > I have a little Flask app running now. It's hosted on Webfaction who use an Apache + Nginx combo. I have switched the app to https and now my limited experience has kicked in with a vengeance yet again! > > I have one page of my app that does not require login and it is displaying fine at https://myapp.com My login route/view which used to work fine was at /login When I log in now tho I am getting an nginx 405 error. I think what is happening is that the login is posting to http://myapp.com/login and not https://myapp.com/login > > So do I need to do something in my Flask app code or is this an apache rewrite http conf? > > Could anyone help? > > Puzzled > AL >
In this login example, upon successful login validation I start the
session and then:
return redirect('/dashboard/')
On 28 Oct 2010, at 10:29, danjac354@gmail.com wrote:
> How are you writing the links in your application ?
>
> On 28 October 2010 10:27, Alasdair Macmillan <al@atomised.coop> wrote:
>> Hi
>>
>> I have a little Flask app running now. It's hosted on Webfaction who
use an Apache + Nginx combo. I have switched the app to https and now my
limited experience has kicked in with a vengeance yet again!
>>
>> I have one page of my app that does not require login and it is
displaying fine at https://myapp.com My login route/view which used to
work fine was at /login When I log in now tho I am getting an nginx 405
error. I think what is happening is that the login is posting to
http://myapp.com/login and not https://myapp.com/login
>>
>> So do I need to do something in my Flask app code or is this an apache
rewrite http conf?
>>
>> Could anyone help?
>>
>> Puzzled
>> AL
>>
I've just searched the docs and I may have missed if there is already
something like this.
I had wondered about this myself a while back and would find some "neat"
solution useful.
I guess it would be easy enough to add a decorator which could go above a
specific view function. Have that behave differently depending on whether in
dev or production via the global config.
I.e.
Dev - > do nothing
Prod -> http : forward to https
https : display page as normal
Sorry if I missed something that's already there, i.e. a snippet or
something.
Cheers, Jim.
On 28 October 2010 10:31, Alasdair Macmillan <al@atomised.coop> wrote:
> In this login example, upon successful login validation I start the session
> and then:
>
> return redirect('/dashboard/')
>
> On 28 Oct 2010, at 10:29, danjac354@gmail.com wrote:
>
> > How are you writing the links in your application ?
> >
> > On 28 October 2010 10:27, Alasdair Macmillan <al@atomised.coop> wrote:
> >> Hi
> >>
> >> I have a little Flask app running now. It's hosted on Webfaction who use
> an Apache + Nginx combo. I have switched the app to https and now my limited
> experience has kicked in with a vengeance yet again!
> >>
> >> I have one page of my app that does not require login and it is
> displaying fine at https://myapp.com My login route/view which used to
> work fine was at /login When I log in now tho I am getting an nginx 405
> error. I think what is happening is that the login is posting to
> http://myapp.com/login and not https://myapp.com/login
> >>
> >> So do I need to do something in my Flask app code or is this an apache
> rewrite http conf?
> >>
> >> Could anyone help?
> >>
> >> Puzzled
> >> AL
> >>
>
>
I've just done a test if I log in via a form that is posting to https://myapp.com/login I login and everything works - all my links are https. The issue seems to be that I am posting to "." (which I 'm embarrassed to say that I don't fully understand but is in the WTForms docs). Do I need to post to "." for my form validation or is it just shorthand for post to the current url? On 28 Oct 2010, at 10:38, JimG wrote: > I've just searched the docs and I may have missed if there is already something like this. > > I had wondered about this myself a while back and would find some "neat" solution useful. > > I guess it would be easy enough to add a decorator which could go above a specific view function. Have that behave differently depending on whether in dev or production via the global config. > > I.e. > > Dev - > do nothing > Prod -> http : forward to https > https : display page as normal > > Sorry if I missed something that's already there, i.e. a snippet or something. > > Cheers, Jim. > > On 28 October 2010 10:31, Alasdair Macmillan <al@atomised.coop> wrote: > In this login example, upon successful login validation I start the session and then: > > return redirect('/dashboard/') > > On 28 Oct 2010, at 10:29, danjac354@gmail.com wrote: > > > How are you writing the links in your application ? > > > > On 28 October 2010 10:27, Alasdair Macmillan <al@atomised.coop> wrote: > >> Hi > >> > >> I have a little Flask app running now. It's hosted on Webfaction who use an Apache + Nginx combo. I have switched the app to https and now my limited experience has kicked in with a vengeance yet again! > >> > >> I have one page of my app that does not require login and it is displaying fine at https://myapp.com My login route/view which used to work fine was at /login When I log in now tho I am getting an nginx 405 error. I think what is happening is that the login is posting to http://myapp.com/login and not https://myapp.com/login > >> > >> So do I need to do something in my Flask app code or is this an apache rewrite http conf? > >> > >> Could anyone help? > >> > >> Puzzled > >> AL > >> > >
It should just point to your current URL.A 405 is Method not allowed, so I suspect that you've forgotten to enable POST for that route. On 28 October 2010 10:47, Alasdair Macmillan <al@atomised.coop> wrote: > I've just done a test if I log in via a form that is posting to > https://myapp.com/login I login and everything works - all my links are > https. The issue seems to be that I am posting to "." (which I 'm > embarrassed to say that I don't fully understand but is in the WTForms > docs). Do I need to post to "." for my form validation or is it just > shorthand for post to the current url? > On 28 Oct 2010, at 10:38, JimG wrote: > > I've just searched the docs and I may have missed if there is already > something like this. > I had wondered about this myself a while back and would find some "neat" > solution useful. > I guess it would be easy enough to add a decorator which could go above a > specific view function. Have that behave differently depending on whether in > dev or production via the global config. > I.e. > Dev - > do nothing > Prod -> http : forward to https > https : display page as normal > Sorry if I missed something that's already there, i.e. a snippet or > something. > Cheers, Jim. > On 28 October 2010 10:31, Alasdair Macmillan <al@atomised.coop> wrote: >> >> In this login example, upon successful login validation I start the >> session and then: >> >> return redirect('/dashboard/') >> >> On 28 Oct 2010, at 10:29, danjac354@gmail.com wrote: >> >> > How are you writing the links in your application ? >> > >> > On 28 October 2010 10:27, Alasdair Macmillan <al@atomised.coop> wrote: >> >> Hi >> >> >> >> I have a little Flask app running now. It's hosted on Webfaction who >> >> use an Apache + Nginx combo. I have switched the app to https and now my >> >> limited experience has kicked in with a vengeance yet again! >> >> >> >> I have one page of my app that does not require login and it is >> >> displaying fine at https://myapp.com My login route/view which used to work >> >> fine was at /login When I log in now tho I am getting an nginx 405 error. I >> >> think what is happening is that the login is posting to >> >> http://myapp.com/login and not https://myapp.com/login >> >> >> >> So do I need to do something in my Flask app code or is this an apache >> >> rewrite http conf? >> >> >> >> Could anyone help? >> >> >> >> Puzzled >> >> AL >> >> >> > > >
You were right Dan. I had written a new login method and left off the POST. All working now. On 28 Oct 2010, at 10:49, danjac354@gmail.com wrote: > It should just point to your current URL.A 405 is Method not allowed, > so I suspect that you've forgotten to enable POST for that route. > > > On 28 October 2010 10:47, Alasdair Macmillan <al@atomised.coop> wrote: >> I've just done a test if I log in via a form that is posting to >> https://myapp.com/login I login and everything works - all my links are >> https. The issue seems to be that I am posting to "." (which I 'm >> embarrassed to say that I don't fully understand but is in the WTForms >> docs). Do I need to post to "." for my form validation or is it just >> shorthand for post to the current url? >> On 28 Oct 2010, at 10:38, JimG wrote: >> >> I've just searched the docs and I may have missed if there is already >> something like this. >> I had wondered about this myself a while back and would find some "neat" >> solution useful. >> I guess it would be easy enough to add a decorator which could go above a >> specific view function. Have that behave differently depending on whether in >> dev or production via the global config. >> I.e. >> Dev - > do nothing >> Prod -> http : forward to https >> https : display page as normal >> Sorry if I missed something that's already there, i.e. a snippet or >> something. >> Cheers, Jim. >> On 28 October 2010 10:31, Alasdair Macmillan <al@atomised.coop> wrote: >>> >>> In this login example, upon successful login validation I start the >>> session and then: >>> >>> return redirect('/dashboard/') >>> >>> On 28 Oct 2010, at 10:29, danjac354@gmail.com wrote: >>> >>>> How are you writing the links in your application ? >>>> >>>> On 28 October 2010 10:27, Alasdair Macmillan <al@atomised.coop> wrote: >>>>> Hi >>>>> >>>>> I have a little Flask app running now. It's hosted on Webfaction who >>>>> use an Apache + Nginx combo. I have switched the app to https and now my >>>>> limited experience has kicked in with a vengeance yet again! >>>>> >>>>> I have one page of my app that does not require login and it is >>>>> displaying fine at https://myapp.com My login route/view which used to work >>>>> fine was at /login When I log in now tho I am getting an nginx 405 error. I >>>>> think what is happening is that the login is posting to >>>>> http://myapp.com/login and not https://myapp.com/login >>>>> >>>>> So do I need to do something in my Flask app code or is this an apache >>>>> rewrite http conf? >>>>> >>>>> Could anyone help? >>>>> >>>>> Puzzled >>>>> AL >>>>> >>> >> >> >>
I'd use url_for in all cases (templates, redirects etc). It's more
maintainable - you can change your routes without having to go through
an change all your hardcoded urls.
You could add a decorator which ensures that certain URLs are posted
to https (e.g. a card payment form, login form etc). In practice
though I've found it's just easier to have all the site under SSL than
bits and pieces - you may forget to cover off some sensitive part of
the site.
Also check your route - does it allow POST as well as GET ?
i.e. @app.route("/login/", methods=("GET", "POST"))
On 28 October 2010 10:38, JimG <j.gumbley@gmail.com> wrote:
> I've just searched the docs and I may have missed if there is already
> something like this.
> I had wondered about this myself a while back and would find some "neat"
> solution useful.
> I guess it would be easy enough to add a decorator which could go above a
> specific view function. Have that behave differently depending on whether in
> dev or production via the global config.
> I.e.
> Dev - > do nothing
> Prod -> http : forward to https
> https : display page as normal
> Sorry if I missed something that's already there, i.e. a snippet or
> something.
> Cheers, Jim.
> On 28 October 2010 10:31, Alasdair Macmillan <al@atomised.coop> wrote:
>>
>> In this login example, upon successful login validation I start the
>> session and then:
>>
>> return redirect('/dashboard/')
>>
>> On 28 Oct 2010, at 10:29, danjac354@gmail.com wrote:
>>
>> > How are you writing the links in your application ?
>> >
>> > On 28 October 2010 10:27, Alasdair Macmillan <al@atomised.coop> wrote:
>> >> Hi
>> >>
>> >> I have a little Flask app running now. It's hosted on Webfaction who
>> >> use an Apache + Nginx combo. I have switched the app to https and now my
>> >> limited experience has kicked in with a vengeance yet again!
>> >>
>> >> I have one page of my app that does not require login and it is
>> >> displaying fine at https://myapp.com My login route/view which used to work
>> >> fine was at /login When I log in now tho I am getting an nginx 405 error. I
>> >> think what is happening is that the login is posting to
>> >> http://myapp.com/login and not https://myapp.com/login
>> >>
>> >> So do I need to do something in my Flask app code or is this an apache
>> >> rewrite http conf?
>> >>
>> >> Could anyone help?
>> >>
>> >> Puzzled
>> >> AL
>> >>
>>
>
>