From 47acef87acc10982097440e1d8818f245bede784 Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Mon, 20 Sep 2021 02:40:40 +0200
Subject: [PATCH] Reenabled OAUTHLIB_INSECURE_TRANSPORT

---
 app.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app.py b/app.py
index ebce794..52e1e2c 100644
--- a/app.py
+++ b/app.py
@@ -14,9 +14,10 @@ def create_app(test_config=None):
 		app.config.from_pyfile('config.py', silent=True)
 	else:
 		app.config.from_mapping(test_config)
-	# oauthlib enforces the OAuth2.0 requirement to use HTTPS, when this is not set
-	if app.debug:
-		os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
+	# OAuth2Session.fetch_token verifies that the passed URIs scheme (the scheme
+	# of request.url) is HTTPS. The way we deploy this app, request.url does not
+	# reflect the actual request url, so we disable this check.
+	os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
 
 	@app.route('/auth')
 	def auth():
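Review bot: Setting `OAUTHLIB_INSECURE_TRANSPORT` unconditionally in `create_app` turns off oauthlib's HTTPS check for the whole process, not only for the `request.url` scheme the new comment describes, so an authorization or token endpoint configured with `http://` would also be accepted without error, and the authorization code and client secret could travel in cleartext. If the deployment is a TLS-terminating reverse proxy (inferred from the comment, not visible here), the narrower fix is to make `request.url` correct, e.g. `app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)` from `werkzeug.middleware.proxy_fix`, and keep the environment variable under `if app.debug:`. That is only safe when the proxy itself overwrites `X-Forwarded-Proto` and `X-Forwarded-Host` rather than passing client-supplied values through. `create_app` begins and ends outside this hunk, so whether the configured provider URLs are checked for `https://` elsewhere cannot be seen from here.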
@@ -51,7 +52,6 @@ def create_app(test_config=None):
 
 	@app.route('/cookiecheck')
 	def login_cookiecheck():
-		print(session)
 		if not session.get('cookies_enabled'):
 			session.clear()
 			session['cookies_enabled'] = True
-- 
GitLab