
Updated use_reverse_proxy #10

Status: Open. Wants to merge 1 commit into base: master.

Conversation

gitmopp
Contributor

@gitmopp gitmopp commented Jan 6, 2022

No description provided.

@ncrocfer
Member

I'm not sure this is true (just tried in local and I'm still in http). @ldurnez can you review it please?

@gitmopp
Contributor Author

gitmopp commented Jan 19, 2022

> I'm not sure this is true (just tried in local and I'm still in http). @ldurnez can you review it please?

In my environment it changed the notifications URLs in emails to https.

Have a look at line 170 in https://github.com/opencve/opencve/blob/master/opencve/settings.py

    from werkzeug.middleware.proxy_fix import ProxyFix

    # Reverse proxy should use HTTPS
    if app.config["USE_REVERSE_PROXY"]:
        app.config["PREFERRED_URL_SCHEME"] = "https"
        app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)

The USE_REVERSE_PROXY setting will change the flask PREFERRED_URL_SCHEME to https, see https://flask.palletsprojects.com/en/2.0.x/config/.
The PREFERRED_URL_SCHEME will change the default behaviour for url_for.

@ncrocfer
Member

> Have a look at line 170 in https://github.com/opencve/opencve/blob/master/opencve/settings.py

I know this code, I wrote it 😄

> In my environment it changed the notifications URLs in emails to https.

Yes, but the other links (in all OpenCVE application pages) are not changed to https, so what I wanted to say was: maybe just saying *If True https links instead of http links are generated.* is really not enough to confirm https links will be generated in OpenCVE.

A reverse proxy or something else in front of OpenCVE application has to be configured to really provide a secured connection.

So for me the PR is unfortunately incomplete. It's because @ldurnez configured the https://www.opencve.io instance that I asked him for a confirmation of what I said ;)
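The two observations in this thread can be checked side by side. The following is an added example, not OpenCVE's code: a hypothetical Flask app that applies the two lines quoted from settings.py, with a constructed hostname (opencve.example) and a constructed CVE id. It shows that PREFERRED_URL_SCHEME alone decides the scheme of links built outside a request (the email case), while links built while serving a page take the scheme of the request, which only becomes https when a proxy in front actually sends X-Forwarded-Proto: https and ProxyFix is installed to honour it.

```python
from typing import Optional

from flask import Flask, url_for
from werkzeug.middleware.proxy_fix import ProxyFix

HOST = "opencve.example"        # constructed hostname, not a real instance
CVE_ID = "CVE-0000-0000"        # constructed id, not a real entry


def build_app(use_reverse_proxy: bool) -> Flask:
    """Hypothetical app applying the USE_REVERSE_PROXY branch quoted above."""
    app = Flask(__name__)
    # SERVER_NAME is required for url_for(_external=True) outside a request.
    app.config["SERVER_NAME"] = HOST

    @app.route("/cve/<cve_id>")
    def cve(cve_id):
        # A page link: built while serving the request, so it uses the
        # scheme Flask believes the request arrived with.
        return url_for("cve", cve_id=cve_id, _external=True)

    if use_reverse_proxy:
        # The same two lines as in the settings.py fragment.
        app.config["PREFERRED_URL_SCHEME"] = "https"
        app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1, x_host=1)
    return app


def email_link(app: Flask) -> str:
    """Link built outside any request, as a notification email would be.
    Only PREFERRED_URL_SCHEME influences the scheme here."""
    with app.app_context():
        return url_for("cve", cve_id=CVE_ID, _external=True)


def page_link(app: Flask, forwarded_proto: Optional[str] = None) -> str:
    """Link built while serving a request that reached the app over plain
    http (base_url), optionally carrying the proxy's X-Forwarded-Proto."""
    headers = {"X-Forwarded-Proto": forwarded_proto} if forwarded_proto else {}
    client = app.test_client()
    resp = client.get(f"/cve/{CVE_ID}", base_url=f"http://{HOST}", headers=headers)
    return resp.get_data(as_text=True)


if __name__ == "__main__":
    app = build_app(use_reverse_proxy=True)
    print("email link            :", email_link(app))
    print("page, no proxy header :", page_link(app))
    print("page, X-Forwarded-Proto https:", page_link(app, "https"))
```

Without the header the page link stays http even with USE_REVERSE_PROXY set, and without ProxyFix the header is ignored, so the setting and a TLS-terminating proxy are both needed.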
