Pylons - Redirects will drop from HTTPS to HTTP unless I specify the protocol... Is there a way to fix this?

Question

On my Pylons website, I have my login form sending it's data to 'https://mysite.com'. Upon a successful login, a redirect takes place to send them to their profile page.

redirect(url(controller='profile'))

This sends the user to http://mysite.com/profile instead of https://mysite.com/profile. The only way I've found to fix this is to change the redirect to:

redirect(url(controller='profile', protocol='https'))

The problem I have with this is "what if, for whatever reason, my cert goes away and I have to drop SSL" I don't want to have to go through my entire code looking for all redirects I specify the 'https' protocol in. I want my login to send the user to HTTPS and that's it...

Is there a reason the redirect drops to HTTP? Is there a way to stop it? :/

Answer 1

I'd customize the Mapper so that every call to "url" would force the correct protocol...
Inside routing.py:

class CustomMapper(Mapper):

    def generate(self, *args, **kwargs):
        kwargs["protocol"] = "https"
        return Mapper.generate(self, *args, **kwargs)

def make_map(config):
    """Create, configure and return the routes Mapper"""
    map = CustomMapper(directory=config['pylons.paths']['controllers'],
                       always_scan=config['debug'])