From 4f23096002b1baee9a1e8b0c3c73c62077998d4e Mon Sep 17 00:00:00 2001
From: nocci <nocci@sky-net.it>
Date: Fri, 2 May 2025 14:52:57 +0200
Subject: [PATCH] https switch in .env

---
 setup.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/setup.sh b/setup.sh
index 0e81e25..9c5cafe 100644
--- a/setup.sh
+++ b/setup.sh
@@ -131,6 +131,7 @@ BABEL_TRANSLATION_DIRECTORIES="translations"
 TZ=Europe/Berlin
 
 # Security
+FORCE_HTTPS=False
 SESSION_COOKIE_SECURE="False"
 CSRF_ENABLED="True"
 # Account registration
@@ -164,6 +165,7 @@ from werkzeug.security import generate_password_hash, check_password_hash
 from datetime import datetime, timedelta
 from flask_wtf import CSRFProtect
 from flask import abort
+from flask import request, redirect
 import io
 import warnings
 import re
@@ -253,6 +255,13 @@ def get_locale():
     return request.accept_languages.best_match(app.config['BABEL_SUPPORTED_LOCALES'])
 
 @app.before_request
+def enforce_https():
+    if os.getenv('FORCE_HTTPS', 'False').lower() == 'true':
+        # check if https wanted
+        if request.headers.get('X-Forwarded-Proto', 'http') != 'https' and not request.is_secure:
+            url = request.url.replace('http://', 'https://', 1)
+            return redirect(url, code=301)
+
 def reload_translations():
     if app.config['DEBUG']:
         babel.reload()