Opened 8 years ago
Last modified 8 years ago
#28359 closed New feature
SecurityMiddleware's SECURE_SSL_HOST only affects unsecure requests — at Initial Version
| Reported by: | Matthias Kestenholz | Owned by: | nobody |
|---|---|---|---|
| Component: | HTTP handling | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Carl Meyer | Triage Stage: | Unreviewed |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
For search engine optimization purposes it is preferable to have a single domain serving all requests. We have a custom middleware in most projects which handles this but dropped the middleware for sites using SSL:
from django.conf import settings
from django.http import HttpResponsePermanentRedirect
def force_domain(get_response):
if settings.DEBUG or not settings.FORCE_DOMAIN:
return get_response
def middleware(request):
if request.method != 'GET':
return get_response(request)
if request.get_host() != settings.FORCE_DOMAIN:
target = 'http%s://%s%s' % (
request.is_secure() and 's' or '',
settings.FORCE_DOMAIN,
request.get_full_path())
return HttpResponsePermanentRedirect(target)
return get_response(request)
return middleware
It seems to me that setting SECURE_SSL_REDIRECT and SECURE_SSL_HOST should also handle the case where 1. a request already uses a secure connection but 2. the host does not equal SECURE_SSL_HOST.
(Categorized as new feature because that's more fun.)
Note:
See TracTickets
for help on using tickets.