Merge pull request #742 from getredash/feature/permissions

Add option to enforce HTTPs at the "Flask level"

rd_ui/app/index.html

@@ -40,7 +40,7 @@
             <span class="icon-bar"></span>
             <span class="icon-bar"></span>
         </button>
-        <a class="navbar-brand" href="/"><img src="/images/redash_icon_small.png"/></a>
+        <a class="navbar-brand" href="{{base_href}}"><img src="/images/redash_icon_small.png"/></a>
     </div>
     {% raw %}
     <div class="collapse navbar-collapse navbar-ex1-collapse">

redash/settings.py

@@ -74,6 +74,7 @@ QUERY_RESULTS_CLEANUP_MAX_AGE = int(os.environ.get("REDASH_QUERY_RESULTS_CLEANUP
 
 AUTH_TYPE = os.environ.get("REDASH_AUTH_TYPE", "api_key")
 PASSWORD_LOGIN_ENABLED = parse_boolean(os.environ.get("REDASH_PASSWORD_LOGIN_ENABLED", "true"))
+ENFORCE_HTTPS = parse_boolean(os.environ.get("REDASH_ENFORCE_HTTPS", "false"))
 
 MULTI_ORG = parse_boolean(os.environ.get("REDASH_MULTI_ORG", "false"))
 

redash/wsgi.py

@@ -1,5 +1,6 @@
 import json
 from flask import Flask, make_response
+from flask.ext.sslify import SSLify
 from werkzeug.wrappers import Response
 from werkzeug.contrib.fixers import ProxyFix
 from flask.ext.restful import Api
@@ -51,6 +52,10 @@ api = ApiExt(app)
 init_admin(app)
 
 
+if settings.ENFORCE_HTTPS:
+    SSLify(app, skips=['/ping'])
+
+
 if settings.SENTRY_DSN:
     from raven.contrib.flask import Sentry
     sentry = Sentry(app, dsn=settings.SENTRY_DSN)

requirements.txt

@@ -4,6 +4,7 @@ Flask-RESTful==0.3.5
 Flask-Login==0.3.2
 Flask-OAuthLib==0.9.2
 flask-mail==0.9.1
+flask-sslify==0.1.5
 passlib==1.6.2
 Jinja2==2.8
 MarkupSafe==0.23