From 86ae2bda3e5084dc741f0f4212040fcb5a9183c8 Mon Sep 17 00:00:00 2001 From: Ben Busby Date: Wed, 31 Mar 2021 12:14:38 -0400 Subject: [PATCH] Hotfix: Upgrade heroku apps to https for all endpoints The previous implementation of the is_heroku check in search.needs_https() was implemented to only match URLs ending in '.herokuapp.com', and skipped upgrading to HTTPS for other endpoints. --- app/utils/search.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/utils/search.py b/app/utils/search.py index 9694d14..197186b 100644 --- a/app/utils/search.py +++ b/app/utils/search.py @@ -25,7 +25,7 @@ def needs_https(url: str) -> bool: """ https_only = bool(os.getenv('HTTPS_ONLY', 0)) - is_heroku = url.endswith('.herokuapp.com') + is_heroku = '.herokuapp.com' in url is_http = url.startswith('http://') return (is_heroku and is_http) or (https_only and is_http)