[CalendarServer-changes] [10199] CalendarServer/branches/release/CalendarServer-4.3-dev
source_changes at macosforge.org
source_changes at macosforge.org
Thu Jan 3 13:26:18 PST 2013
Revision: 10199
http://trac.calendarserver.org//changeset/10199
Author: wsanchez at apple.com
Date: 2013-01-03 13:26:17 -0800 (Thu, 03 Jan 2013)
Log Message:
-----------
Pulled up r10165 from trunk.
Revision Links:
--------------
http://trac.calendarserver.org//changeset/10165
Modified Paths:
--------------
CalendarServer/branches/release/CalendarServer-4.3-dev/calendarserver/tap/caldav.py
CalendarServer/branches/release/CalendarServer-4.3-dev/calendarserver/tap/test/test_caldav.py
CalendarServer/branches/release/CalendarServer-4.3-dev/twext/web2/channel/http.py
CalendarServer/branches/release/CalendarServer-4.3-dev/twext/web2/test/test_http.py
CalendarServer/branches/release/CalendarServer-4.3-dev/twistedcaldav/stdconfig.py
Property Changed:
----------------
CalendarServer/branches/release/CalendarServer-4.3-dev/
Property changes on: CalendarServer/branches/release/CalendarServer-4.3-dev
___________________________________________________________________
Modified: svn:mergeinfo
- /CalendarServer/branches/config-separation:4379-4443
/CalendarServer/branches/egg-info-351:4589-4625
/CalendarServer/branches/generic-sqlstore:6167-6191
/CalendarServer/branches/new-store:5594-5934
/CalendarServer/branches/new-store-no-caldavfile:5911-5935
/CalendarServer/branches/new-store-no-caldavfile-2:5936-5981
/CalendarServer/branches/users/cdaboo/batchupload-6699:6700-7198
/CalendarServer/branches/users/cdaboo/cached-subscription-calendars-5692:5693-5702
/CalendarServer/branches/users/cdaboo/component-set-fixes:8130-8346
/CalendarServer/branches/users/cdaboo/directory-cache-on-demand-3627:3628-3644
/CalendarServer/branches/users/cdaboo/implicituidrace:8137-8141
/CalendarServer/branches/users/cdaboo/more-sharing-5591:5592-5601
/CalendarServer/branches/users/cdaboo/partition-4464:4465-4957
/CalendarServer/branches/users/cdaboo/pods:7297-7377
/CalendarServer/branches/users/cdaboo/pycalendar:7085-7206
/CalendarServer/branches/users/cdaboo/pycard:7227-7237
/CalendarServer/branches/users/cdaboo/queued-attendee-refreshes:7740-8287
/CalendarServer/branches/users/cdaboo/relative-config-paths-5070:5071-5105
/CalendarServer/branches/users/cdaboo/shared-calendars-5187:5188-5440
/CalendarServer/branches/users/cdaboo/timezones:7443-7699
/CalendarServer/branches/users/cdaboo/txn-debugging:8730-8743
/CalendarServer/branches/users/glyph/always-abort-txn-on-error:9958-9969
/CalendarServer/branches/users/glyph/case-insensitive-uid:8772-8805
/CalendarServer/branches/users/glyph/conn-limit:6574-6577
/CalendarServer/branches/users/glyph/contacts-server-merge:4971-5080
/CalendarServer/branches/users/glyph/dalify:6932-7023
/CalendarServer/branches/users/glyph/db-reconnect:6824-6876
/CalendarServer/branches/users/glyph/deploybuild:7563-7572
/CalendarServer/branches/users/glyph/disable-quota:7718-7727
/CalendarServer/branches/users/glyph/dont-start-postgres:6592-6614
/CalendarServer/branches/users/glyph/imip-and-admin-html:7866-7984
/CalendarServer/branches/users/glyph/ipv6-client:9054-9105
/CalendarServer/branches/users/glyph/linux-tests:6893-6900
/CalendarServer/branches/users/glyph/migrate-merge:8690-8713
/CalendarServer/branches/users/glyph/misc-portability-fixes:7365-7374
/CalendarServer/branches/users/glyph/more-deferreds-6:6322-6368
/CalendarServer/branches/users/glyph/more-deferreds-7:6369-6445
/CalendarServer/branches/users/glyph/multiget-delete:8321-8330
/CalendarServer/branches/users/glyph/new-export:7444-7485
/CalendarServer/branches/users/glyph/oracle:7106-7155
/CalendarServer/branches/users/glyph/oracle-nulls:7340-7351
/CalendarServer/branches/users/glyph/other-html:8062-8091
/CalendarServer/branches/users/glyph/parallel-sim:8240-8251
/CalendarServer/branches/users/glyph/parallel-upgrade:8376-8400
/CalendarServer/branches/users/glyph/parallel-upgrade_to_1:8571-8583
/CalendarServer/branches/users/glyph/q:9560-9688
/CalendarServer/branches/users/glyph/quota:7604-7637
/CalendarServer/branches/users/glyph/sendfdport:5388-5424
/CalendarServer/branches/users/glyph/shared-pool-fixes:8436-8443
/CalendarServer/branches/users/glyph/shared-pool-take2:8155-8174
/CalendarServer/branches/users/glyph/sharedpool:6490-6550
/CalendarServer/branches/users/glyph/sharing-api:9192-9205
/CalendarServer/branches/users/glyph/skip-lonely-vtimezones:8524-8535
/CalendarServer/branches/users/glyph/sql-store:5929-6073
/CalendarServer/branches/users/glyph/subtransactions:7248-7258
/CalendarServer/branches/users/glyph/table-alias:8651-8664
/CalendarServer/branches/users/glyph/uidexport:7673-7676
/CalendarServer/branches/users/glyph/use-system-twisted:5084-5149
/CalendarServer/branches/users/glyph/uuid-normalize:9268-9296
/CalendarServer/branches/users/glyph/xattrs-from-files:7757-7769
/CalendarServer/branches/users/sagen/applepush:8126-8184
/CalendarServer/branches/users/sagen/inboxitems:7380-7381
/CalendarServer/branches/users/sagen/locations-resources:5032-5051
/CalendarServer/branches/users/sagen/locations-resources-2:5052-5061
/CalendarServer/branches/users/sagen/purge_old_events:6735-6746
/CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/branches/users/sagen/resources-2:5084-5093
/CalendarServer/branches/users/wsanchez/transations:5515-5593
/CalendarServer/trunk:9867,9870,9876,9895,9899,9901,9904,9925,9928,9950-9951,9970,9974,9978
+ /CalendarServer/branches/config-separation:4379-4443
/CalendarServer/branches/egg-info-351:4589-4625
/CalendarServer/branches/generic-sqlstore:6167-6191
/CalendarServer/branches/new-store:5594-5934
/CalendarServer/branches/new-store-no-caldavfile:5911-5935
/CalendarServer/branches/new-store-no-caldavfile-2:5936-5981
/CalendarServer/branches/users/cdaboo/batchupload-6699:6700-7198
/CalendarServer/branches/users/cdaboo/cached-subscription-calendars-5692:5693-5702
/CalendarServer/branches/users/cdaboo/component-set-fixes:8130-8346
/CalendarServer/branches/users/cdaboo/directory-cache-on-demand-3627:3628-3644
/CalendarServer/branches/users/cdaboo/implicituidrace:8137-8141
/CalendarServer/branches/users/cdaboo/more-sharing-5591:5592-5601
/CalendarServer/branches/users/cdaboo/partition-4464:4465-4957
/CalendarServer/branches/users/cdaboo/pods:7297-7377
/CalendarServer/branches/users/cdaboo/pycalendar:7085-7206
/CalendarServer/branches/users/cdaboo/pycard:7227-7237
/CalendarServer/branches/users/cdaboo/queued-attendee-refreshes:7740-8287
/CalendarServer/branches/users/cdaboo/relative-config-paths-5070:5071-5105
/CalendarServer/branches/users/cdaboo/shared-calendars-5187:5188-5440
/CalendarServer/branches/users/cdaboo/timezones:7443-7699
/CalendarServer/branches/users/cdaboo/txn-debugging:8730-8743
/CalendarServer/branches/users/glyph/always-abort-txn-on-error:9958-9969
/CalendarServer/branches/users/glyph/case-insensitive-uid:8772-8805
/CalendarServer/branches/users/glyph/conn-limit:6574-6577
/CalendarServer/branches/users/glyph/contacts-server-merge:4971-5080
/CalendarServer/branches/users/glyph/dalify:6932-7023
/CalendarServer/branches/users/glyph/db-reconnect:6824-6876
/CalendarServer/branches/users/glyph/deploybuild:7563-7572
/CalendarServer/branches/users/glyph/disable-quota:7718-7727
/CalendarServer/branches/users/glyph/dont-start-postgres:6592-6614
/CalendarServer/branches/users/glyph/imip-and-admin-html:7866-7984
/CalendarServer/branches/users/glyph/ipv6-client:9054-9105
/CalendarServer/branches/users/glyph/linux-tests:6893-6900
/CalendarServer/branches/users/glyph/migrate-merge:8690-8713
/CalendarServer/branches/users/glyph/misc-portability-fixes:7365-7374
/CalendarServer/branches/users/glyph/more-deferreds-6:6322-6368
/CalendarServer/branches/users/glyph/more-deferreds-7:6369-6445
/CalendarServer/branches/users/glyph/multiget-delete:8321-8330
/CalendarServer/branches/users/glyph/new-export:7444-7485
/CalendarServer/branches/users/glyph/oracle:7106-7155
/CalendarServer/branches/users/glyph/oracle-nulls:7340-7351
/CalendarServer/branches/users/glyph/other-html:8062-8091
/CalendarServer/branches/users/glyph/parallel-sim:8240-8251
/CalendarServer/branches/users/glyph/parallel-upgrade:8376-8400
/CalendarServer/branches/users/glyph/parallel-upgrade_to_1:8571-8583
/CalendarServer/branches/users/glyph/q:9560-9688
/CalendarServer/branches/users/glyph/quota:7604-7637
/CalendarServer/branches/users/glyph/sendfdport:5388-5424
/CalendarServer/branches/users/glyph/shared-pool-fixes:8436-8443
/CalendarServer/branches/users/glyph/shared-pool-take2:8155-8174
/CalendarServer/branches/users/glyph/sharedpool:6490-6550
/CalendarServer/branches/users/glyph/sharing-api:9192-9205
/CalendarServer/branches/users/glyph/skip-lonely-vtimezones:8524-8535
/CalendarServer/branches/users/glyph/sql-store:5929-6073
/CalendarServer/branches/users/glyph/subtransactions:7248-7258
/CalendarServer/branches/users/glyph/table-alias:8651-8664
/CalendarServer/branches/users/glyph/uidexport:7673-7676
/CalendarServer/branches/users/glyph/use-system-twisted:5084-5149
/CalendarServer/branches/users/glyph/uuid-normalize:9268-9296
/CalendarServer/branches/users/glyph/xattrs-from-files:7757-7769
/CalendarServer/branches/users/sagen/applepush:8126-8184
/CalendarServer/branches/users/sagen/inboxitems:7380-7381
/CalendarServer/branches/users/sagen/locations-resources:5032-5051
/CalendarServer/branches/users/sagen/locations-resources-2:5052-5061
/CalendarServer/branches/users/sagen/purge_old_events:6735-6746
/CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/branches/users/sagen/resources-2:5084-5093
/CalendarServer/branches/users/wsanchez/transations:5515-5593
/CalendarServer/trunk:9867,9870,9876,9895,9899,9901,9904,9925,9928,9950-9951,9970,9974,9978,10165
Modified: CalendarServer/branches/release/CalendarServer-4.3-dev/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-4.3-dev/calendarserver/tap/caldav.py 2013-01-03 20:28:43 UTC (rev 10198)
+++ CalendarServer/branches/release/CalendarServer-4.3-dev/calendarserver/tap/caldav.py 2013-01-03 21:26:17 UTC (rev 10199)
@@ -859,6 +859,22 @@
def requestFactory(*args, **kw):
return SSLRedirectRequest(site=underlyingSite, *args, **kw)
+ # Add the Strict-Transport-Security header to all secured requests
+ # if enabled.
+ if config.StrictTransportSecuritySeconds:
+ previousRequestFactory = requestFactory
+ def requestFactory(*args, **kw):
+ request = previousRequestFactory(*args, **kw)
+ def responseFilter(ignored, response):
+ ignored, secure = request.chanRequest.getHostInfo()
+ if secure:
+ response.headers.addRawHeader("Strict-Transport-Security",
+ "max-age={max_age:d}"
+ .format(max_age=config.StrictTransportSecuritySeconds))
+ return response
+ request.addResponseFilter(responseFilter)
+ return request
+
httpFactory = LimitingHTTPFactory(
requestFactory,
maxRequests=config.MaxRequests,
@@ -879,6 +895,9 @@
connectionService.setName(CalDAVService.connectionServiceName)
connectionService.setServiceParent(service)
+ # For calendarserver.tap.test.test_caldav.BaseServiceMakerTests.getSite():
+ connectionService.underlyingSite = underlyingSite
+
if config.InheritFDs or config.InheritSSLFDs:
# Inherit sockets to call accept() on them individually.
Modified: CalendarServer/branches/release/CalendarServer-4.3-dev/calendarserver/tap/test/test_caldav.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-4.3-dev/calendarserver/tap/test/test_caldav.py 2013-01-03 20:28:43 UTC (rev 10198)
+++ CalendarServer/branches/release/CalendarServer-4.3-dev/calendarserver/tap/test/test_caldav.py 2013-01-03 21:26:17 UTC (rev 10199)
@@ -379,9 +379,10 @@
# NOTE: in a database 'single' configuration, PostgresService
# will prevent the HTTP services from actually getting added to
# the hierarchy until the hierarchy has started.
- lambda x: hasattr(x, 'args')
+ # 'underlyingSite' assigned in caldav.py
+ lambda x: hasattr(x, 'underlyingSite')
):
- return listeningService.args[1].protocolArgs['requestFactory']
+ return listeningService.underlyingSite
raise RuntimeError("No site found.")
Modified: CalendarServer/branches/release/CalendarServer-4.3-dev/twext/web2/channel/http.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-4.3-dev/twext/web2/channel/http.py 2013-01-03 20:28:43 UTC (rev 10198)
+++ CalendarServer/branches/release/CalendarServer-4.3-dev/twext/web2/channel/http.py 2013-01-03 21:26:17 UTC (rev 10199)
@@ -76,26 +76,11 @@
self.transport.loseConnection()
-
class SSLRedirectRequest(Request):
"""
An L{SSLRedirectRequest} prevents processing if the request is over plain
HTTP; instead, it redirects to HTTPS.
-
- If the request is already secured, it instead sets the
- Strict-Transport-Security header as documented by the U{HTTP Strict
- Transport Security specification
- <http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-02>}.
-
- @ivar maxAge: the number of seconds that a client must wait after receiving
- an HTTPS response, before they may attempt to make an HTTP request
- again.
-
- @type maxAge: C{int}
"""
-
- maxAge = 600
-
def process(self):
ignored, secure = self.chanRequest.getHostInfo()
if not secure:
@@ -116,15 +101,6 @@
return super(SSLRedirectRequest, self).process()
- def writeResponse(self, response):
- """
- Response filter to add HSTS header.
- """
- response.headers.addRawHeader("Strict-Transport-Security",
- "max-age={max_age:d}"
- .format(max_age=self.maxAge))
- return super(SSLRedirectRequest, self).writeResponse(response)
-
# >%
PERSIST_NO_PIPELINE, PERSIST_PIPELINE = (1,2)
Modified: CalendarServer/branches/release/CalendarServer-4.3-dev/twext/web2/test/test_http.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-4.3-dev/twext/web2/test/test_http.py 2013-01-03 20:28:43 UTC (rev 10198)
+++ CalendarServer/branches/release/CalendarServer-4.3-dev/twext/web2/test/test_http.py 2013-01-03 21:26:17 UTC (rev 10199)
@@ -742,18 +742,6 @@
cxn.client.loseConnection()
self.assertDone(cxn)
-
- def test_http1_1_sts(self):
- """
- L{SSLRedirectRequest} uses strict transport security, and will set the
- appropriate header.
- """
- self.requestClass = TestSSLRedirectRequest
- return self.testHTTP1_1_chunking(
- "Strict-Transport-Security: max-age=600"
- )
-
-
def testHTTP1_1_expect_continue(self):
cxn = self.connect()
cmds = [[]]
Modified: CalendarServer/branches/release/CalendarServer-4.3-dev/twistedcaldav/stdconfig.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-4.3-dev/twistedcaldav/stdconfig.py 2013-01-03 20:28:43 UTC (rev 10198)
+++ CalendarServer/branches/release/CalendarServer-4.3-dev/twistedcaldav/stdconfig.py 2013-01-03 21:26:17 UTC (rev 10199)
@@ -250,6 +250,8 @@
"RedirectHTTPToHTTPS" : False, # If True, all nonSSL requests redirected to an SSL Port
"SSLMethod" : "SSLv3_METHOD", # SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD
"SSLCiphers" : "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM",
+ "StrictTransportSecuritySeconds" : 7 * 24 * 60 * 60, # max-age value for
+ # Strict-Transport-Security header; set to 0 to disable header.
#
# Network address configuration information
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20130103/4daad86c/attachment-0001.html>
More information about the calendarserver-changes
mailing list