id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
14597	request.is_secure() should support headers like: X-Forwarded-Protocol and X-Forwarded-Ssl	George Notaras	Adrian Holovaty	"{{{request.is_secure()}}} should support checking the existence of an HTTP header like '''X-Forwarded-Protocol''' and/or '''X-Forwarded-Ssl'''. Currently, request.is_secure() relies only upon the existence of the environment variable '''HTTPS''', which causes problems in cases that a request is proxied to Django from another web server, eg nginx.

Related tickets in other projects:

 * http://www.cherrypy.org/changeset/1980
 * http://github.com/benoitc/gunicorn/issues/issue/51

Of course, it is always possible to export the {{{HTTPS=on}}} environment variable to the shell that invokes the django server process, but supporting any of the aforementioned or other relevant http headers would make things easier and more straight-forward when setting up secure websites.
"	New feature	closed	HTTP handling	1.2	Normal	fixed			Accepted	0	0	0	0	0	0