fix broken handling of adding an htsts.

Modifing response/request was having trouble in some redirect cases

--HG--
extra : source : 4ed55c851d1cf6d564b7213ac6dc3a28a3a51f14

1 files changed, 8 insertions, 9 deletions

diff --git a/rhodecode/lib/middleware/https_fixup.py b/rhodecode/lib/middleware/https_fixup.py
index 49e99d0d..3418c051 100644
--- a/rhodecode/lib/middleware/https_fixup.py
+++ b/rhodecode/lib/middleware/https_fixup.py
@@ -23,7 +23,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from pylons.controllers.util import Request
 from rhodecode.lib.utils2 import str2bool
 
 
@@ -36,15 +35,15 @@ class HttpsFixup(object):
     def __call__(self, environ, start_response):
         self.__fixup(environ)
         debug = str2bool(self.config.get('debug'))
-        if str2bool(self.config.get('use_htsts')) and not debug:
-            req = Request(environ, self.application)
-            resp = req.get_response(self.application)
-            if environ['wsgi.url_scheme'] == 'https':
-                resp.headers['Strict-Transport-Security'] = \
-                    'max-age=8640000; includeSubDomains'
-            return resp(environ, start_response)
+        is_ssl = environ['wsgi.url_scheme'] == 'https'
 
-        return self.application(environ, start_response)
+        def custom_start_response(status, headers, exc_info=None):
+            if is_ssl and str2bool(self.config.get('use_htsts')) and not debug:
+                headers.append(('Strict-Transport-Security',
+                                'max-age=8640000; includeSubDomains'))
+            return start_response(status, headers, exc_info)
+
+        return self.application(environ, custom_start_response)
 
     def __fixup(self, environ):
         """