Opened 3 years ago

Closed 4 months ago

#17102 closed New feature (fixed)

Add SSL-redirect middleware to better support all-SSL sites

Reported by: carljm Owned by: nobody
Component: Core (Other) Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Since you pretty much shouldn't do anything with sessions or logins on a public site without SSL, I think a solid majority of public Django sites probably ought to be all-SSL. Given this, I think Django core should provide good support for all-SSL sites out of the box.

One piece of an all-SSL site is redirecting non-SSL requests to SSL. Often this will be done via a front-end proxy server, but a Django middleware to do it is quite simple, and I don't see much reason not to include one.

There's an existing implementation in django-secure.

Change History (2)

comment:1 Changed 3 years ago by aaugustin

  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 4 months ago by erikr

  • Resolution set to fixed
  • Status changed from new to closed

This was fixed in 52ef6a47269a455113d95992f868939131f9c10c as part of #17101.

Note: See TracTickets for help on using tickets.
Back to Top