Pythonanywhere Web2Py redirect to HTTPS

Question

I have create a webproject Web2Py and would like user to access the pages on normal http:// instaed of http://.

Each time I type http://domain.pythonanywhere.com et redirect me to http://domain.pythonanywhere.com.

It taces 0.5 sec. to do the SSL check and I would like to avoid that.

This was as default:

## if SSL/HTTPS is properly configured and you want all HTTP requests to
## be redirected to HTTPS, uncomment the line below:
# request.requires_https()

Answer 1

PythonAnywhere dev here: that looks like a bug on our side. We "pin" HTTPS for our own site, so that people always go to https://www.pythonanywhere.com/, but it looks like that might have leaked over to customer sites.

Just for clarity -- if someone goes to http://yourusername.pythonanywhere.com/ then we won't initially force it to go to the https site -- they'll get the http one. But if they then go to https://yourusername.pythonanywhere.com, then their browser will remember that they have visited the https domain, so all future requests will redirect there.

That's actually generally good practice (it works around a number of security problems) but we shouldn't be forcing it on people.

[UPDATE] the bug is now fixed, many thanks to boje for pointing us at it :-) One caveat -- if you've ever visited your site over HTTPS before we applied the fix, then you'll still be forced to HTTPS. You need to clear your browser history to see the new unpinned behaviour.

Answer 2

I had an issue let http:// redirect to https:// And I found google group post on here. The following code maybe give you some ideas on your problem, Under db.py add:

############ FORCED SSL #############
from gluon.settings import global_settings
if global_settings.cronjob:
    print 'Running as shell script.'
elif not request.is_https:
    redirect(URL(scheme='https', args=request.args, vars=request.vars))
    session.secure()
#####################################