Skip to content
This repository was archived by the owner on Apr 29, 2022. It is now read-only.

Commit 54a0cf5

Browse files
fpierfedfpierfed
committed
forcing the use of HTTPS
1 parent bdb44cf commit 54a0cf5

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

conference/api.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ class ApiError(Enum):
2424
AUTH_ERROR = 2
2525
INPUT_ERROR = 3
2626
UNAUTHORIZED = 4
27+
WRONG_SCHEME = 5
2728

2829

2930
def _error(error: ApiError, msg: str) -> JsonResponse:
@@ -76,6 +77,9 @@ def isauth(request):
7677
if ALLOWED_IPS and best_effort_ip not in ALLOWED_IPS:
7778
return _error(ApiError.UNAUTHORIZED, 'you are not authorized here')
7879

80+
if request.scheme != 'https':
81+
return _error(ApiError.WRONG_SCHEME, 'please use HTTPS')
82+
7983
if request.method != 'POST':
8084
return _error(ApiError.WRONG_METHOD, 'please use POST')
8185

0 commit comments

Comments
 (0)