I want Django Allauth to send links like the confirm e-mail or reset password with https:
Something like this:
https://example.com/ca/accounts/confirm-email/picuwfpjpptjswi50x5zb4gtsqptmwkscea445kadnbsfwcyij3fdnblery4onuq/
According to the official documentation only changing the following setting in settings.py it should work:
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
But I keep getting the links with http instead of https like this:
http://example.com/ca/accounts/confirm-email/picuwfpjpptjswi50x5zb4gtsqptmwkscea445kadnbsfwcyij3fdnblery4onuq/
Am I missing something? Thank you!
Digging into the code a little bit, you can see that allauth sets the activate_url template context variable using Django's build in build_absolute_uri method:
https://github.com/pennersr/django-allauth/blob/master/allauth/account/models.py#L119
...
activate_url = reverse("account_confirm_email", args=[self.key])
activate_url = request.build_absolute_uri(activate_url)
ctx = {
"activate_url": activate_url,
...
}
Looking at the code for the build_absolute_uri you can see it requires a environment variable:
https://github.com/django/django/blob/master/django/http/request.py#L153
def _get_scheme(self):
return 'https' if os.environ.get("HTTPS") == "on" else 'http'
to return https:// in URLs generated by this function, you need to set a HTTPS environment variable.
It depends on how you have set up your project, but you can set the environment variable in your settings.py or manage.py
The following is a good post on general Django security when it comes to SSL:
EDIT
Strangely, the reset password template uses a different approach to constructing the URL:
https://github.com/pennersr/django-allauth/blob/master/allauth/account/forms.py#L428
url = '%s://%s%s' % (app_settings.DEFAULT_HTTP_PROTOCOL,
current_site.domain,
path)
context = {"site": current_site,
"user": user,
"password_reset_url": url}
using the DEFAULT_HTTP_PROTOCOL settings instead
来源:https://stackoverflow.com/questions/25824598/django-allauth-not-sending-links-with-https