My team has just implemented SSLify in our project; however, we faced a little hurdle with our Django tests.
Basically, for now we'll disable the middleware during tests, because the Django test client makes HTTP requests by default, and we'll need to switch all those calls to HTTPS (e.g. with the secure option added in 1.7).
So why not turn DEBUG to True for the duration of the tests, we thought? From the README:
Disabling SSLify
If you'd like to disable SSLify in certain environments (for local development, or running unit tests), the best way to do it is to modify your settings file and add the following:
SSLIFY_DISABLE = True
Note: django-sslify is automatically disabled if settings.DEBUG is True.
Well, that was a bad idea, because we didn't know this (and it was painful to discover):
Regardless of the value of the DEBUG setting in your configuration file, all Django tests run with DEBUG=False. This is to ensure that the observed output of your code matches what will be seen in a production setting.
https://docs.djangoproject.com/en/1.6/topics/testing/overview/#other-test-conditions (also valid for 1.7, 1.8)
Bottom line is, recommending SSLIFY_DISABLE is definitely correct, but maybe it would be worth adding a little warning regarding that behavior of Django with DEBUG?
It might even make sense to drop the support for DEBUG in the light of this.