Don't redirect dynamic CSS from https to http

This can break things (d'uh).

Do this by introducing a new decorator, @ssl_optional. When this is
present, no SSL redirection will happen, regardless of whether the
access comes in over http or https.

This decorator overrides @ssl_required, but for redability's sake,
never use both at the same time.

pgweb/core/views.py

@@ -14,7 +14,7 @@ import os
 import re
 import urllib
 
-from pgweb.util.decorators import ssl_required, cache, nocache
+from pgweb.util.decorators import ssl_required, ssl_optional, cache, nocache
 from pgweb.util.contexts import NavContext
 from pgweb.util.helpers import simple_form, PgXmlHelper, HttpServerError
 from pgweb.util.moderation import get_all_pending_moderations
@@ -174,6 +174,7 @@ _dynamic_cssmap = {
 		     '../media/css/docs.css'],
 	}
 @cache(hours=6)
+@ssl_optional
 def dynamic_css(request, css):
 	if not _dynamic_cssmap.has_key(css):
 		raise Http404('CSS not found')

pgweb/util/decorators.py

@@ -8,6 +8,13 @@ def ssl_required(fn):
 	# wraps retains original function attributes such as __name__, csrf_exempt, etc
 	return wraps(_require_ssl)(fn)
 
+def ssl_optional(fn):
+	def _optional_ssl(request, *_args, **_kwargs):
+		return fn(request, *_args, **_kwargs)
+	_optional_ssl.ssl_optional = True
+	# wraps retains original function attributes such as __name__, csrf_exempt, etc
+	return wraps(_optional_ssl)(fn)
+
 def nocache(fn):
 	def _nocache(request, *_args, **_kwargs):
 		resp = fn(request, *_args, **_kwargs)

pgweb/util/middleware.py

@@ -24,6 +24,11 @@ class PgMiddleware(object):
 		if hasattr(settings,'NO_HTTPS_REDIRECT') and settings.NO_HTTPS_REDIRECT:
 			return None
 
+		# Does this view allow both SSL and non-ssl?
+		if getattr(view_func, 'ssl_optional', False):
+			# SSL is optional, so perform no redirects
+			return None
+
 		# Always redirect the admin interface to https
 		if request.path.startswith('/admin'):
 			if not request.is_secure():