id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
28359	SecurityMiddleware's SECURE_SSL_HOST only affects unsecure requests	Matthias Kestenholz	nobody	"For search engine optimization purposes it is preferable to have a single domain serving all requests. We have a custom middleware in most projects which handles this but dropped the middleware for sites using SSL:


{{{
from django.conf import settings
from django.http import HttpResponsePermanentRedirect


def force_domain(get_response):
    if settings.DEBUG or not settings.FORCE_DOMAIN:
        return get_response

    def middleware(request):
        if request.method != 'GET':
            return get_response(request)

        if request.get_host() != settings.FORCE_DOMAIN:
            target = 'http%s://%s%s' % (
                request.is_secure() and 's' or '',
                settings.FORCE_DOMAIN,
                request.get_full_path())
            return HttpResponsePermanentRedirect(target)

        return get_response(request)

    return middleware
}}}

It seems to me that setting `SECURE_SSL_REDIRECT` and `SECURE_SSL_HOST` should also handle the case where 1. a request already uses a secure connection but 2. the host does not equal `SECURE_SSL_HOST`.

(Categorized as new feature because that's more fun.)"	New feature	new	HTTP handling	dev	Normal				Unreviewed	0	0	0	0	1	0