summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'dev-python/ipython/files/ipython-2.2.0-login-backport.patch')
-rw-r--r--dev-python/ipython/files/ipython-2.2.0-login-backport.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/dev-python/ipython/files/ipython-2.2.0-login-backport.patch b/dev-python/ipython/files/ipython-2.2.0-login-backport.patch
new file mode 100644
index 00000000000..cf6a99db21e
--- /dev/null
+++ b/dev-python/ipython/files/ipython-2.2.0-login-backport.patch
@@ -0,0 +1,35 @@
+From 5d6ce3671318c8d32bab770ece841590bbec358d Mon Sep 17 00:00:00 2001
+From: Matthias Bussonnier <bussonniermatthias@gmail.com>
+Date: Fri, 17 Apr 2015 13:08:32 -0700
+Subject: [PATCH] Set secure cookie by default if login handler is hit.
+
+ backport of https://github.com/jupyter/jupyter_notebook/pull/22 b8e99bc
+
+> There is few chances that logged-in people do not use https connexion,
+> but I guess it can happened if the server is ran in front of a proxy
+> that does the https termination, so leave it configurable.
+>
+> closes ipython/ipython#8325
+---
+ IPython/html/auth/login.py | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/IPython/html/auth/login.py b/IPython/html/auth/login.py
+index 1ad4673..1a340c8 100644
+--- a/IPython/html/auth/login.py
++++ b/IPython/html/auth/login.py
+@@ -46,7 +46,13 @@ class LoginHandler(IPythonHandler):
+ pwd = self.get_argument('password', default=u'')
+ if self.login_available:
+ if passwd_check(self.password, pwd):
+- self.set_secure_cookie(self.cookie_name, str(uuid.uuid4()))
++ # tornado <4.2 have a bug that consider secure==True as soon as
++ # 'secure' kwarg is passed to set_secure_cookie
++ if self.settings.get('secure_cookie', self.request.protocol == 'https'):
++ kwargs = {'secure':True}
++ else:
++ kwargs = {}
++ self.set_secure_cookie(self.cookie_name, str(uuid.uuid4()), **kwargs)
+ else:
+ self._render(message={'error': 'Invalid password'})
+ return