From 6a5a29672d8fe480c943a3c8d316734fd6f52e3c Mon Sep 17 00:00:00 2001
From: Michael Snoyman <michael@fpcomplete.com>
Date: Wed, 3 Feb 2016 12:37:48 +0000
Subject: [PATCH] Don't force SSL for tarballs (for cabal-install support)

---
 Application.hs | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/Application.hs b/Application.hs
index 846bfde..266af7a 100644
--- a/Application.hs
+++ b/Application.hs
@@ -10,7 +10,7 @@ import           Control.Exception (catch)
 import           Data.WebsiteContent
 import           Import hiding (catch)
 import           Language.Haskell.TH.Syntax (Loc(..))
-import           Network.Wai (Middleware, responseLBS)
+import           Network.Wai (Middleware, responseLBS, rawPathInfo)
 import           Network.Wai.Logger (clockDateCacher)
 import           Network.Wai.Middleware.ForceSSL (forceSSL)
 import           Network.Wai.Middleware.RequestLogger
@@ -89,9 +89,14 @@ makeApplication echo@False conf = do
     return (middleware app, logFunc)
 
 forceSSL' :: AppConfig DefaultEnv Extra -> Middleware
-forceSSL' app
-    | extraForceSsl $ appExtra app = forceSSL
-    | otherwise = id
+forceSSL' ac app
+    | extraForceSsl $ appExtra ac = \req send ->
+        -- Don't force SSL for tarballs, to provide 00-index.tar.gz and package
+        -- tarball access for cabal-install
+        if ".tar.gz" `isSuffixOf` rawPathInfo req
+            then app req send
+            else forceSSL app req send
+    | otherwise = app
 
 nicerExceptions :: Middleware
 nicerExceptions app req send = catch (app req send) $ \e -> do