I'm using authlib in my project. I have a local IDP setup using http atm.
For testing, this code is blocking me because my dev environment is http.
https://github.com/lepture/authlib/blob/master/authlib/client/oauth2.py#L155
I can carry on by commenting out the line. But, i think having a way to turn of https check is neater.
So, dose anyway know a way to turn off https check in Authlib ?
It can be solved by setting an environment:
AUTHLIB_INSECURE_TRANSPORT=true
This is not documented on client sections, it is documented on the server parts like https://docs.authlib.org/en/latest/flask/oauth2.html
Related
I've just installed Sylius to test it for possible production use and integrated Paypal through the payum-gateway.
I'm running Sylius with the included webserver on 127.0.0.1:8080 through a nginx reverse SSL proxy for security reasons and so that it is accessible through a regular URI.
After the PayPal-Payment, I'm forwarded back to the page as it should but instead of the origin-page it sends to 127.0.0.1:8080.
The "Show Shop"-link from the admin-menu did this as well until I changed the server name in the "channel settings".
I figured I have to set the public hostname somewhere else, too, but I cannot figure out where I have to do so.
Grepping for '127.0.0.1' yields a lot of results. For example vendor/sensio/distribution-bundle/Resources/skeleton/web/config.php, but that doesn't seem to be the right place.
I don't know the answer to the original question so I won't delete it in case someone else wants to answer.
I solved this specific problem by not using nginx as a proxy but as the webserver itself and deacitivating the webserver that is shipped with Sylius.
How do we by pass this issue with SonarQube server v5.1 and firefox? Chrome & IE are working fine but firefox is not allowing to access the server in https mode. I looked at https://weakdh.org/sysadmin.html but I am not sure what server SonarQube uses and how to implement fix for this problem. Any help is appreciated. Thanks.
When a user wants to enable (or restrict) access to a SonarQube instance over HTTPS, the recommended way is to put it behind another WebServer she configures at will.
So, the way to go here, is to add an Apache, Nginx or whatever in front of the SQ instance and configure it according to the recommendations in the link you provided and generate a "safe" server certificate.
I fixed it by setting the following property in sonar.properties file.
sonar.web.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA
I have purchased an ssl certificate, I have enabled the SSL setting in the settings and I have changed both config files to go to https but when I visit http://bit.ly/TCkEBv the first page is https the rest are not. How can I fix this?
I realize this is an old thread but considering the recent google SSL-everywhere indexing changes, i figured it was relevant. The following example will make OC use https in all links. You have to change 3 characters in system/library/url.php. They deleted this on the forums which is understandable, but we have ran it for a week of production traffic on mixed SSL multistores with no issues.
WARNING: Your mods may be different - run through them all in a test after enabling this...especially any redirect managers. Here is the tweak for 1.5.6:
Open store/system/library/url.php and find $url = $this->url; in an IF statement somewhere near line 18. Change it to $url = $this->ssl; and there ya go.
PS: Also there is a vastly untested method to send the https-preferred as a header using $response->addHeader('Strict-Transport-Security: max-age=31536000'); but i am unsure of best spot to put it besides index.php. Also, although it works in test, unsure of all-server implications. Header controller seems logical, but not all OC areas use header controller :). Experiment with best placement for that....just dont do it in the $url replicator even if it seems like it works.
As per the forum thread, this is not actually a bug just the way that the cart is set up - that is most pages are not set as HTTPS and will revert to HTTP once you click on a non HTTPS link
Let's say you have a Domain called example.org
Instead of changing the code, in Apache, you could do this...
In addition to your Domain-SSL.conf, you can copy that configuration to Domain.conf and edit it to use port 80 instead of 443
Then, add this line in the Server definitions at the top, right before DirectoryIndex...
Redirect / https://example.org
This will simply redirect every request back to the SSL configuration, adding the https:// in front of every link. No code changes required to OC.
This has been working on my busy production server for several years without a single problem.
I'm looking for a mod_auth_tkt for Nginx? I have multiple applications using auth_tkt compatible cookies and would like to have SSO. I don't want to use apache2 mod_auth_tkt, since I have nginx already running. Is there a auth_tkt compatible module for nginx?
I came across this challenge today (multi-domain SSO using Nginx), so I suppose an answer is better late than never.
I was coming from having used auth_tkt with Apache2.
Ultimately I ended up with an implementation of Pubcookie, for which somebody wrote and documented an Nginx module.
The setup is very similar:
A CGI script intercepts the request and performs login procedure for the user using whatever mechanism is configured
Upon successful authentication:
a. A cookie is set on the enterprise_domain
b. User is redirected to the originally requested resources
Some warning though, I had to hack the source a fair bit for pubcookie and the nginx module to get it to work with non-SSL sites - it seems to have been written with SSL as a fixed assumption.
Is there a way to configure Apache to slow down login after failed attempts?
It looks like it is not the default setting as already discussed here.
On the other side it seems to be possible also without adding it to own application logic, on plain Apache, see here, but I found nothing in documentation and discussion???
Thanks
Achim