Merge pull request #42 from AusDTO/fix/disable_custom_proxyfix

Disable CustomProxyFix

dmutils/flask_init.py

@@ -7,6 +7,7 @@
 from flask import Markup, redirect, request, session
 from flask.ext.script import Manager, Server
 from flask_login import current_user
+from werkzeug.contrib.fixers import ProxyFix
 
 from asset_fingerprint import AssetFingerprinter
 from user import User, user_logging_string
@@ -34,7 +35,7 @@ def init_app(
     # all belong to dmutils
     config.init_app(application)
     logging.init_app(application)
-    proxy_fix.init_app(application)
+    ProxyFix(application)
     request_id.init_app(application)
     force_https.init_app(application)
 

dmutils/force_https.py

@@ -42,6 +42,6 @@ def redirect_to_ssl():
 def set_hsts_header(response):
     """Adds HSTS header to each response."""
     # Should we add STS header?
-    if request.is_secure:
+    if request.url.startswith('https://'):
         response.headers.setdefault('Strict-Transport-Security', 'max-age=86400')  # 1 day in seconds
     return response

tests/test_force_https.py

@@ -7,17 +7,13 @@ class TestForceHTTPSConfig(Config):
     DM_HTTP_PROTO = "HTTPS"
 
 
-class TestForceHTTPS(object):
+class TestForceHTTPS(BaseApplicationTest):
     config_object = TestForceHTTPSConfig()
 
+    config = TestForceHTTPSConfig()
+
     def setup(self):
-        self.flask = Flask(
-            'test_app'
-        )
-        self.flask.config.from_object(self.config_object)
-        config.init_app(self.flask)
-        force_https.init_app(self.flask)
-        self.app = self.flask.test_client()
+        super(TestForceHTTPS, self).setup()
 
         @self.flask.route('/some-page')
         def some_page():