Enable redirection of HTTP requests to HTTPS #253
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Using Django's `SECURE_SSL_REDIRECT`: https://docs.djangoproject.com/en/5.1/ref/settings/#std-setting-SECURE_SSL_REDIRECT Also configures gunicorn's `forwarded_allow_ips` setting to `"*"` so that gunicorn trusts the `X-Forwarded-Proto` header set by the Heroku Router during TLS termination, to ensure that HTTPS requests are correctly marked as secure in the WSGI metadata passed to the WSGI app (in this case, Django). See: https://docs.gunicorn.org/en/stable/settings.html#forwarded-allow-ips https://devcenter.heroku.com/articles/http-routing#heroku-headers (Whilst the classic Python buildpack already configures this by setting the env var `FORWARDED_ALLOW_IPS`, the Python CNB doesn't yet do so, and it's clearer to have the config explicitly set in the app source.) GUS-W-17482732.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Using Django's
SECURE_SSL_REDIRECT:https://docs.djangoproject.com/en/5.1/ref/settings/#std-setting-SECURE_SSL_REDIRECT
Also configures gunicorn's
forwarded_allow_ipssetting to"*"so that gunicorn trusts theX-Forwarded-Protoheader set by the Heroku Router during TLS termination, to ensure that HTTPS requests are correctly marked as secure in the WSGI metadata passed to the WSGI app (in this case, Django). See:https://docs.gunicorn.org/en/stable/settings.html#forwarded-allow-ips
https://devcenter.heroku.com/articles/http-routing#heroku-headers
(Whilst the classic Python buildpack already configures this by setting the env var
FORWARDED_ALLOW_IPS, the Python CNB doesn't yet do so, and it's clearer to have the config explicitly set in the app source.)GUS-W-17482732.