rdegges / django-sslify Goto Github PK

There are cases when you want to be in DEBUG mode but test out HTTP->HTTPS redirects.
I am using this patch: cancan101@2cee4fb

Allow specifying what port SSL should be redirected to.

I can submit this PR if you like: cancan101@f898602

Hello,

I just wanted to say thank you for making this - it made me very happy today when I was updating a site I maintain, it worked exactly as described, and saved me a lot of swearing at a computer.

🥇 👍

Does http://stackoverflow.com/a/26670053/34935 mean this library is now in core Django as of 1.8?

Hi Randall,

I am attempting to use this middleware but am having some issues. I added the middleware to my middleware classes (first in the list), and set my application to DEBUG=False. But I am currently unable to render any templates, or rather keep getting this message:

[27/Mar/2015 18:21:27] code 400, message Bad request syntax ('\x16\x03\x01\x00\xaf\x01\x00\x00\xab\x03\x03U\x15\x9f\xa7\xa1\xaf\xf3\xb5s\x17/i\x96-\xee\xeb\xcb\x11\xc5\xb7\x81\xef\xc8\x9a\xdc\xd4/\xc2\x039\xd6\x96\x00\x00J\x00\xff\xc0$\xc0#\xc0')

I read up on a StackOverflow post saying this is related to HTTPS requests but of course, need HTTPS to work for my Django Web App. Any ideas on how to fix this?

The latest version of django-sslify on PyPI (0.2) does not contain the changes made in Issue #6 (3 months ago), specifically it does not respect the SSLIFY_DISABLE setting.

The latest code version number appears to be 0.2.1 so just running this should do it.

python setup.py sdist upload

Thanks a bunch!

Is there (or should there be) an easy way to disable sslify when running under localhost?

I spent hours trying to debug this.

In Nginx I have port 80 redirecting to port 443. I attempted to turn off debug and I would always got an infinite 301 loop. My fix was to uninstall django-sslify and it worked fine!

Did I do anything wrong?

when running tests, I am getting some errors. is it possible to disable the middleware while running tests?

My team has just implemented SSLify in our project, however, we faced a little hurdle with our Django tests.

Basically, for now we'll disable the middleware durings tests, because the Django test client makes HTTP requests by default, and we'll need to switch all those calls to HTTPS (e.g. with the secure option added in 1.7).

So why not turn DEBUG at True for the duration of the tests, we thought? From the README:

Disabling SSLify

If you'd like to disable SSLify in certain environments (for local development, or running unit tests), the best way to do it is to modify your settings file and add the following:
SSLIFY_DISABLE = True

Note
django-sslify is automatically disabled if settings.DEBUG is True.

Well, that was a bad idea, because we didn't know this (and was painful to discover):

Regardless of the value of the DEBUG setting in your configuration file, all Django tests run with DEBUG=False. This is to ensure that the observed output of your code matches what will be seen in a production setting.

https://docs.djangoproject.com/en/1.6/topics/testing/overview/#other-test-conditions (also valid for 1.7, 1.8)

Bottom line is, recommending SSLIFY_DISABLE is definitely correct, but maybe it would be worth adding a little warning regarding that behavior of Django with DEBUG?
It might even make sense to drop the support for DEBUG in the light of this.

This library looks like it could be quite useful.

However, I'm finding that everything in my static fold is 404'ing when I enable django-sslify.
So all my css is being lost.

Have you seen this behavior before?

The tests are breaking with Django 1.8 for a reason I can't seem to figure out atm. Will look into this when I get some more free time. I'm 100% open to merging in patches if anyone on here is more familiar than myself: https://travis-ci.org/rdegges/django-sslify/jobs/57279087

Apologies in advance if this isn't the appropriate place to note the following.

When using django-sslify with an app behind Cloudflare, you have to have the Cloudflare SSL option set to "Full SSL" (or possibly "Off", but I'm unable to test that).

This is because if you have the Cloudflare SSL option set to "Flexible", even if the user specifies an HTTPS connection, Cloudflare will then connect to your app without SSL (see image above) and HTTP_X_FORWARDED_PROTO will be set to http. This will cause an infinite redirect loop as django-sslify attempts to redirect the connection to HTTPS - starting the whole loop over again.

Whether this is worth noting in the README or better to close this issue as a record for others to find via google, I'll leave to you @rdegges 😃

Hi Randall!

Would there be any chance of rolling a release? The PR merged in #35 a year or so ago is now needed for Django 2.0, and isn't in a released version on PyPI.

Thanks!
Marc

Problem: can't run local server.
Command python manage.py runserver fails with following error:

...
mw_instance = middleware(handler)
TypeError: SSLifyMiddleware() takes no arguments

I've installed django-sslify using pipenv install django-sslify command.
Current requrements.txt contents below:

Django==2.0.7
django-sslify==0.2.7
pytz==2018.5

Then made following changes at my settings.py:

SECURE_SSL_REDIRECT = True

INSTALLED_APPS = [
    'sslify',
     '...',
 ]

MIDDLEWARE = [
      'sslify.middleware.SSLifyMiddleware',
     '...',
 ]

Probably I missed some small detail. Will appreciate if someone point where to.

code 400, message Bad request syntax ('\x16\x03\x01\x00\x9d\x01\x00\x00\x99\x03\x03\xc7=\xf4d?\x92')

Specify which versions are supported (including the version major identifiers) using trove classifiers.

This helps show people which versions the project supports and also tools like caniusepython3.

You may want to include a line in your README that suggests adding

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

to your settings file for Heroku instances.

More info here: http://stackoverflow.com/questions/12488285/tastypie-post-location-https-vs-http.

Thanks for the code!