Do you want to force HTTPs across your Django site? You're in the right place!
To install django-sslify
, simply run pip install django-sslify
and
you'll get the latest version installed automatically.
If you're using Heroku, you should add: django-sslify>=0.2
to your
requirements.txt
file in the root of your project directory.
Modify your Django settings.py
file, and prepend
sslify.middleware.SSLifyMiddleware
to your MIDDLEWARE_CLASSES
setting:
MIDDLEWARE_CLASSES = (
'sslify.middleware.SSLifyMiddleware',
# ...
)
NOTE: Make sure sslify.middleware.SSLifyMiddleware
is the first
middleware class listed, as this will ensure that if a user makes an unsecure
request (over HTTP), they will be redirected to HTTPs before any actual
processing happens.
If you're using Heroku, you should also add the following settings to your Django settings file:
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
This ensures that Django will be able to detect a secure connection properly.
If you'd like to disable SSLify in certain environments (for local development, or running unit tests), the best way to do it is to modify your settings file and do something like this:
# Disable SSLify if DEBUG is enabled.
if DEBUG:
SSLIFY_DISABLE = True
You can disable SSLify at any time by setting SSLIFY_DISABLE = True
.
This code was taken from this StackOverflow thread.
I've only tested this on Heroku, so if it doesn't work for you, please send a pull request and I'll merge.
If you're using Heroku, and have no idea how to setup SSL, read this great article which talks about using the new SSL endpoint addon (which fucking rocks!).
Want to run the tests? No problem:
$ git clone git://github.com/rdegges/django-sslify.git
$ cd django-sslify
$ python setup.py develop
...
$ python manage.py test sslify
.
----------------------------------------------------------------------
Ran 1 tests in 0.000s
OK
Creating test database for alias 'default'...
Destroying test database for alias 'default'...