Last Updated: February 25, 2016 · gourneau

Have Django prepend https to links

If you are trying to build a secure site, setting up HTTPS is the first step.

With Django, if you are using things like HttpResponseRedirect, you will soon discover that by default they redirect to plain old http, bummer.

Thankfully, there is an easy way to fix this. Just set your HTTPS environment variable to "on".

With Heroku you can add it like this:

heroku config:add HTTPS=on

Or you can just add it to the top of your wsgi.py file like this:

os.environ['HTTPS'] = "on"

One more important note, make sure that DEBUG is False in settings.py or this will not work!

DEBUG = False

Also, if you are using Heroku, their reverse HTTP proxy breaks request.is_secure, which breaks other things. The most obvious will be APPEND_SLASH = True, which is another bummer. Luckily there is an easy fix. Just add this to settings.py:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https',)

Via https://twitter.com/chuckharmston/status/225857111157006336. Other fixes at https://github.com/allanlei/django-heroku-helpers

This was taken from a great post at http://security.stackexchange.com/a/8970/17658
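
An added example, not from the original post or from Django's source: a simplified Python model of how the scheme for an absolute redirect URL is chosen from the WSGI environ. It shows why SECURE_PROXY_SSL_HEADER fixes redirects behind a TLS-terminating proxy, and why the setting is only trustworthy when the proxy always overwrites X-Forwarded-Proto. The function names, hostname and sample environs are constructed for illustration.

```python
# Added illustration: simplified model of how a WSGI framework such as Django
# picks the scheme for absolute redirect URLs. This is not Django's own code.

def effective_scheme(environ, secure_proxy_ssl_header=None):
    """Return 'https' or 'http' for a request, given its WSGI environ."""
    if secure_proxy_ssl_header:
        header, secure_value = secure_proxy_ssl_header
        value = environ.get(header)
        if value is not None:
            # Proxies may append values; only the first one is considered.
            first = value.split(",", 1)[0].strip()
            return "https" if first == secure_value else "http"
    # Fallback: the scheme the app server saw on its own socket.
    return environ.get("wsgi.url_scheme", "http")


def redirect_location(environ, path, secure_proxy_ssl_header=None):
    """Build the absolute Location header a redirect would carry."""
    scheme = effective_scheme(environ, secure_proxy_ssl_header)
    return "%s://%s%s" % (scheme, environ["HTTP_HOST"], path)


SETTING = ("HTTP_X_FORWARDED_PROTO", "https")

# Constructed sample environs (the hostname is a placeholder).
# 1. Browser used HTTPS; the proxy terminated TLS and forwarded plain HTTP.
BEHIND_PROXY = {"wsgi.url_scheme": "http", "HTTP_HOST": "app.example.com",
                "HTTP_X_FORWARDED_PROTO": "https"}
# 2. Browser used plain HTTP through the same proxy.
PLAIN_VIA_PROXY = {"wsgi.url_scheme": "http", "HTTP_HOST": "app.example.com",
                   "HTTP_X_FORWARDED_PROTO": "http"}
# 3. No proxy in front: the header is whatever the client chose to send.
DIRECT_CLIENT_HEADER = {"wsgi.url_scheme": "http", "HTTP_HOST": "app.example.com",
                        "HTTP_X_FORWARDED_PROTO": "https"}

if __name__ == "__main__":
    cases = [("behind proxy", BEHIND_PROXY), ("plain via proxy", PLAIN_VIA_PROXY),
             ("direct, client-set header", DIRECT_CLIENT_HEADER)]
    for name, env in cases:
        print(name, "| no setting:", redirect_location(env, "/accounts/"),
              "| with setting:", redirect_location(env, "/accounts/", SETTING))
```

Case 3 is the reason to enable the setting only when every request reaches the app through a proxy that sets or strips X-Forwarded-Proto itself; otherwise a plain HTTP request is treated as secure.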