request.scheme with a proxy like nginx

[patic-fr]

I think the best solution is used Nginx in front and sanic in back (and maybee Gunicorn in middle but I don't understand interest for the moment).

When I test with Nginx, the value for "request.scheme" is not the real value in front but the value for sanic server.
I can find the correct value with for exemple "request.headers['x-forwarded-proto']".

So, I think it's better to specify in the documentation, and/or create a other param for "remote_scheme" for example, because I think it will be the main configuration in production (nginx + sanic).

Sorry for my english ...

[r0fls]

@patic-fr so are you using https in nginx, but sanic is seeing http? It would be useful to have a few more details. Maybe you need to add proxy_set_header X-Forwarded-Proto $scheme; in your nginx location block?

[patic-fr]

Sorry, it's a problem of understanding.

I added "proxy_set_header X-Forwarded-Proto ..." in Nginx of course.

But, I think novice people like me who could trust the "request.scheme" property without thinking more.

I am working on designing authentication and I want to apply all good security practices.
One of them is to force the connection on HTTPS and deny the HTTP. I looked at the extension flask-sslify for ideas.
Of course, I can force redirection in the configuration of Nginx, but I prefer to control this more at the application level.

I think it would be nice to specify in the documentation that the "request.scheme" property does not return the original schema behind a proxy but just the schema of the connection between the proxy and Sanic.

So I think we should just improve the documentation on this point to be more explicit for novice.

[patic-fr]

For help you, there is two places where we can add informations :

• API Reference

Just before "scheme" there is "remote_add" where I can read "Attempt to return the original client ip based on X-Forwarded-For. Returns: original client ip." Perhaps, you could add the same thing for scheme with remote_scheme in the API.

In the documentation, we could write for exemple : "remark : behind a proxy, it's not the original schema. You can try to use request.headers.get('x-forwarded-proto', 'http'), it depends proxy server and configuration."

• Request Data

same thing

note : be careful my english, perhaps correction need

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this is incorrect, please respond with an update. Thank you for your contributions.

[andreymal]

@​stale nope

[Tronic]

This seems to be already addressed in current git master. I suggest closing.