Have Django prepend https to links
If you are trying to build a secure site setting up https is the first step.
With Django if you are using things like HttpRedirectRequest you will soon discover that by default they will redirect to plain old http, bummer.
Thankfully, there is an easy way to fix this. Just set your HTTPS environment variable to be "on"
With heroku you can add it like this
heroku config:add HTTPS=onOr you can just add it to the top of your wsgi.py file like this
os.environ['HTTPS'] = "on"One more important note, make sure that DEBUG is False in settings.py or this will not work!
DEGUG = FalseAlso if you are using heroku, their reverse http proxy breaks request.is_secure which breaks other things. The most obvious will be APPEND_SLASH = True this is another bummer. Luckly there is a easy fix. Just add this to settings.py
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https',)via https://twitter.com/chuckharmston/status/225857111157006336 other fixes at https://github.com/allanlei/django-heroku-helpers
This was taken from a great post at http://security.stackexchange.com/a/8970/17658
Written by Joshua Gourneau
Related protips
Have a fresh tip? Share with Coderwall community!
