Incorrect redirect to http instead of https
|Reported by:||Owned by:||nobody|
|Severity:||Normal||Keywords:||redirect http https|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
To reproduce on a secure django website - Django (1.1)/mod_wsgi (2.5)/Python (2.5):
- Verify that https://secure.example.com/admin/ works
- Now try https://secure.example.com/admin
- Note that it has redirected to http://secure.example.com/admin instead of https://secure.example.com/admin/
This also happens in various other circumstances where Django decides to do a redirect for you. E.g. after logging out and back in.
Humorous note: The following rather dubious hack works great for me because all of my pages are https :)
# Not recommended for general use! def is_secure(self): return True
The correct fix will involve figuring out the correct detection of the url scheme in all cases.
Change History (7)
comment:5 Changed 5 years ago by