Opened 13 years ago
Closed 10 years ago
#17102 closed New feature (fixed)
Add SSL-redirect middleware to better support all-SSL sites
Reported by: | Carl Meyer | Owned by: | nobody |
---|---|---|---|
Component: | Core (Other) | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Since you pretty much shouldn't do anything with sessions or logins on a public site without SSL, I think a solid majority of public Django sites probably ought to be all-SSL. Given this, I think Django core should provide good support for all-SSL sites out of the box.
One piece of an all-SSL site is redirecting non-SSL requests to SSL. Often this will be done via a front-end proxy server, but a Django middleware to do it is quite simple, and I don't see much reason not to include one.
There's an existing implementation in django-secure.
Change History (2)
comment:1 by , 13 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:2 by , 10 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
This was fixed in 52ef6a47269a455113d95992f868939131f9c10c as part of #17101.