summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--django/contrib/syndication/views.py23
-rw-r--r--tests/regressiontests/syndication/tests.py23
2 files changed, 40 insertions, 6 deletions
diff --git a/django/contrib/syndication/views.py b/django/contrib/syndication/views.py
index 804a94508f..d942b2f9dc 100644
--- a/django/contrib/syndication/views.py
+++ b/django/contrib/syndication/views.py
@@ -8,13 +8,17 @@ from django.utils import feedgenerator, tzinfo
from django.utils.encoding import force_unicode, iri_to_uri, smart_unicode
from django.utils.html import escape
-def add_domain(domain, url):
+def add_domain(domain, url, secure=False):
if not (url.startswith('http://')
or url.startswith('https://')
or url.startswith('mailto:')):
# 'url' must already be ASCII and URL-quoted, so no need for encoding
# conversions here.
- url = iri_to_uri(u'http://%s%s' % (domain, url))
+ if secure:
+ protocol = 'https'
+ else:
+ protocol = 'http'
+ url = iri_to_uri(u'%s://%s%s' % (protocol, domain, url))
return url
class FeedDoesNotExist(ObjectDoesNotExist):
@@ -94,7 +98,7 @@ class Feed(object):
current_site = get_current_site(request)
link = self.__get_dynamic_attr('link', obj)
- link = add_domain(current_site.domain, link)
+ link = add_domain(current_site.domain, link, request.is_secure())
feed = self.feed_type(
title = self.__get_dynamic_attr('title', obj),
@@ -102,8 +106,11 @@ class Feed(object):
link = link,
description = self.__get_dynamic_attr('description', obj),
language = settings.LANGUAGE_CODE.decode(),
- feed_url = add_domain(current_site.domain,
- self.__get_dynamic_attr('feed_url', obj) or request.path),
+ feed_url = add_domain(
+ current_site.domain,
+ self.__get_dynamic_attr('feed_url', obj) or request.path,
+ request.is_secure(),
+ ),
author_name = self.__get_dynamic_attr('author_name', obj),
author_link = self.__get_dynamic_attr('author_link', obj),
author_email = self.__get_dynamic_attr('author_email', obj),
@@ -137,7 +144,11 @@ class Feed(object):
description = description_tmp.render(RequestContext(request, {'obj': item, 'site': current_site}))
else:
description = self.__get_dynamic_attr('item_description', item)
- link = add_domain(current_site.domain, self.__get_dynamic_attr('item_link', item))
+ link = add_domain(
+ current_site.domain,
+ self.__get_dynamic_attr('item_link', item),
+ request.is_secure(),
+ )
enc = None
enc_url = self.__get_dynamic_attr('item_enclosure_url', item)
if enc_url:
diff --git a/tests/regressiontests/syndication/tests.py b/tests/regressiontests/syndication/tests.py
index 7911657079..76a6c88bc1 100644
--- a/tests/regressiontests/syndication/tests.py
+++ b/tests/regressiontests/syndication/tests.py
@@ -236,6 +236,25 @@ class SyndicationFeedTest(FeedTestCase):
if link.getAttribute('rel') == 'self':
self.assertEqual(link.getAttribute('href'), 'http://example.com/customfeedurl/')
+ def test_secure_urls(self):
+ """
+ Test URLs are prefixed with https:// when feed is requested over HTTPS.
+ """
+ response = self.client.get('/syndication/rss2/', **{
+ 'wsgi.url_scheme': 'https',
+ })
+ doc = minidom.parseString(response.content)
+ chan = doc.getElementsByTagName('channel')[0]
+ self.assertEqual(
+ chan.getElementsByTagName('link')[0].firstChild.wholeText[0:5],
+ 'https'
+ )
+ atom_link = chan.getElementsByTagName('atom:link')[0]
+ self.assertEqual(atom_link.getAttribute('href')[0:5], 'https')
+ for link in doc.getElementsByTagName('link'):
+ if link.getAttribute('rel') == 'self':
+ self.assertEqual(link.getAttribute('href')[0:5], 'https')
+
def test_item_link_error(self):
"""
Test that a ImproperlyConfigured is raised if no link could be found
@@ -271,6 +290,10 @@ class SyndicationFeedTest(FeedTestCase):
'http://example.com/foo/?arg=value'
)
self.assertEqual(
+ views.add_domain('example.com', '/foo/?arg=value', True),
+ 'https://example.com/foo/?arg=value'
+ )
+ self.assertEqual(
views.add_domain('example.com', 'http://djangoproject.com/doc/'),
'http://djangoproject.com/doc/'
)