Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Django request.is_secure returns wrong value for redirected methods

I am trying to write a ssl redirection utility for django apps (https://bitbucket.org/yilmazhuseyin/django-sslredirector). My problem is when I redirect pages from http to https, I cannot understand that I am on secure connection ( when I call request.is_secure it returns false). I think there is a hack for this , somehow called Webfaction that I cannot really get how it works. here is the is_secure method for webfaction case

   def _is_secure(self, request):
        if request.is_secure():
        return True

        #Handle the Webfaction case until this gets resolved in the request.is_secure()
        if 'HTTP_X_FORWARDED_SSL' in request.META:
        return request.META['HTTP_X_FORWARDED_SSL'] == 'on'

My problem is when I redirect my pages from http to https, request.is_secure method still returns false (event though I am on https) and I constantly redirect my pages to https. Is there any way to understand if I am just redirected from https?

The best source I could find is this http://djangosnippets.org/snippets/880/ and it is not working for me

like image 869
yilmazhuseyin Avatar asked Dec 03 '11 09:12

yilmazhuseyin


1 Answers

If your traffic is going through some kind of proxy it is possible that the fact that you are using SSL will be hidden. However, the proxy will usually set some kind of HTTP header (or you can configure it to do so). One option is HTTP_X_FORWARDED_SSL. Heroku sets HTTP_X_FORWARDED_PROTO to https if you are using https.

like image 139
jgeralnik Avatar answered Sep 22 '22 12:09

jgeralnik