runner(...ssl...) : ssl deprecated

manatlan · Oct 13, 2024 · adabb3e · adabb3e
1 parent b34c7db
commit adabb3e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -58,12 +58,6 @@ The port to bind to. (default is 8000)
 - When False: (default) no debugging facilities
 - When True: use starlette debugger.
 
-#### ssl (bool)
-
-Indicate that "Secure flag" should be set for middleware WebServerSession cookie only !!!!
-(default is False)
-
-non-sense in http_only mode.
 
 #### parano (bool)
 
@@ -102,7 +96,7 @@ from starlette.responses import PlainTextResponse
 async def serve(req):
     return PlainTextResponse("body {}")
 
-app=Runner( App, debug=False, ssl=True )
+app=Runner( App, debug=False )
 app.add_route("/my.css", serve)
 ```
 
@@ -112,7 +106,7 @@ Example to add another htag app on another endpoint :
 async def serve(req):
     return await req.app.handle(req, App2 )
 
-app=Runner( App, debug=False, ssl=True )
+app=Runner( App, debug=False )
 app.add_route("/my_other_app", serve)
 ```
 

diff --git a/htagweb/runners.py b/htagweb/runners.py
@@ -51,14 +51,11 @@
 parano_seed = lambda uid: hashlib.md5(uid.encode()).hexdigest()
 
 class WebServerSession:  # ASGI Middleware, for starlette
-    def __init__(self, app:ASGIApp, https_only:bool = False ) -> None:
+    def __init__(self, app:ASGIApp ) -> None:
         self.app = app
         self.session_cookie = "session"
         self.max_age = 0
         self.path = "/"
-        self.security_flags = "httponly; samesite=none"
-        if https_only:  # Secure flag can be used with HTTPS only
-            self.security_flags += "; secure"
 
     async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
         if scope["type"] not in ("http", "websocket"):  # pragma: no cover
@@ -72,6 +69,10 @@ async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
         else:
             uid = str(uuid.uuid4())
 
+        security_flags = "httponly; samesite=none"
+        if connection.url.scheme == "https":  # Secure flag can be used with HTTPS only
+            security_flags += "; secure"
+
         #!!!!!!!!!!!!!!!!!!!!!!!!!!!
         scope["uid"]     = uid
         scope["session"] = Session(uid)   # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
@@ -88,7 +89,7 @@ async def send_wrapper(message: Message) -> None:
                     data=uid,
                     path=self.path,
                     max_age=f"Max-Age={self.max_age}; " if self.max_age else "",
-                    security_flags=self.security_flags,
+                    security_flags=security_flags,
                 )
                 headers.append("Set-Cookie", header_value)
             await send(message)
@@ -199,7 +200,7 @@ def __init__(self,
                 host="0.0.0.0",
                 port=8000,
                 debug:bool=False,
-                ssl:bool=False, # now, Indicate that Secure flag should be set for middleware WebServerSession (cookies)
+                ssl=None, # DEPRECATED
                 parano:bool=False,
                 http_only:bool=False,
                 timeout_interaction:int=60,
@@ -212,6 +213,8 @@ def __init__(self,
         self.timeout_interaction = timeout_interaction
         self.timeout_inactivity = timeout_inactivity
         self.fullerror = debug
+        if ssl is not None:
+            print("***WARNING**","Runner( ... ssl ...) is deprecated, and has no effect")
 
         ###################################################################
 
@@ -225,7 +228,7 @@ def __init__(self,
         Starlette.__init__( self,
             debug=debug,
             routes=routes,
-            middleware=[Middleware(WebServerSession,https_only=ssl)],
+            middleware=[Middleware(WebServerSession)],
             lifespan=lifespan,
         )