I have python/django app on Heroku (Cedar stack) and would like to make it accessible over https only. I have enabled the "ssl piggyback"-option, and can connect to it via https.
But what is the best way to disable http access, or redirect to https?
Uploading the Script Open the file using a text editor and add any dependencies needed such as numpy in order to run your project as when you deploy to Heroku the “pip” install command will be running to make sure all dependencies are present in order to run the script. 3. git add .
Heroku recognizes an app as a Python app by looking for key files. Including a requirements. txt in the root directory is one way for Heroku to recognize your Python app.
Combining the answer from @CraigKerstiens and @allanlei into something I have tested, and verified to work. Heroku sets the HTTP_X_FORWARDED_PROTO to https when request is ssl, and we can use this to check:
from django.conf import settings from django.http import HttpResponseRedirect class SSLMiddleware(object): def process_request(self, request): if not any([settings.DEBUG, request.is_secure(), request.META.get("HTTP_X_FORWARDED_PROTO", "") == 'https']): url = request.build_absolute_uri(request.get_full_path()) secure_url = url.replace("http://", "https://") return HttpResponseRedirect(secure_url)
Django 1.8 will have core support for non-HTTPS redirect (integrated from django-secure):
SECURE_SSL_REDIRECT = True # [1] SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
In order for SECURE_SSL_REDIRECT
to be handled you have to use the SecurityMiddleware
:
MIDDLEWARE = [ ... 'django.middleware.security.SecurityMiddleware', ]
[1] https://docs.djangoproject.com/en/1.8/ref/settings/#secure-ssl-redirect
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With