I have a Flask app running on CherryPy locally as http://localhost:5000 which is then exposed through an Nginx reverse proxy as https://some.website.com
The issue I'm having is that each time my app calls redirect(url_for('some.endpoint')) it returns a http:// redirect.
Normally I would correct this issue with a url rewrite rule, but that is not possible in my scenario because all http port 80 traffic is being blocked at the firewall level and only https traffic is accepted by the server.
I've been able to cheat my way around this for now by adding the _external=True, _scheme='https' parameters on the url_for function but I'm running into issues all over the place like in the @login_required decorator breaking because it tries to redirect the user to http://some.website.com/login which just times out after the connection is rejected.
Within the Flask config object I have set:
PREFERRED_URL_SCHEME = "https"
but this has no effect on the issue.
I have also added the following headers to the nginx.conf file:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Url-Scheme https;
which also has no effect.
Has anyone with a similar issue found a solution to this?
EDIT: I have included the ProxyFix middleware from werkzeig.contrib.fixers by adding the line flask_app.wsgi_app = ProxyFix(flask_app.wsgi_app) to my app before cherrypy.engine.start() is called, I'm still having the same issue even after restarting the server and clearing all cache:
Could it be possible that CherryPy needs any additional config options?
