How do I use a login redirect with https in Django?

别等时光非礼了梦想. Submitted on 2019-12-11 03:38:27

Question


I'm using django-braces' LoginRequiredMixin for one of my views. Basically, this adds a query string of ?next=/my/desired/url to http://example.com/login/.

The issue is, I'm using an ssl certificate across my site. My nginx file is as below:

upstream app_server {
    server 127.0.0.1:9000 fail_timeout=0;
}
#
# Redirect all www to non-www
#
server {
    server_name          www.example.com;
    ssl_certificate      /src/bin/ssl/ssl-bundle.crt;
    ssl_certificate_key  /etc/ssl/private/STAR_example_com.key;
    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
    listen               *:80;
    listen               *:443 ssl spdy;
    listen               [::]:80 ipv6only=on;
    listen               [::]:443 ssl spdy ipv6only=on;

    return 301 https://example.com$request_uri;
}

#
# Redirect all non-encrypted to encrypted
#
server {
    server_name          example.com;
    listen               *:80;
    listen               [::]:80;

    return 301 https://example.com$request_uri;
}

server {
    server_name          example.com;
    ssl_certificate      /src/bin/ssl/ssl-bundle.crt;
    ssl_certificate_key  /etc/ssl/private/STAR_example_com.key;
    ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
    listen               *:443 ssl spdy;
    listen               [::]:443 ssl spdy;

    # rest goes here...

    root /usr/share/nginx/html;
    index base.html index.html index.htm;

    client_max_body_size 4G; 

    keepalive_timeout 5;

    # Your Django project's media files - amend as required
    location /media {
        alias /src/example/media;
        expires 1y;
        add_header Cache-Control "public";
    }

    # your Django project's static files - amend as required
    location /static {
        alias /src/static;
        expires 1y;
        add_header Cache-Control "public";
    }

    location / { 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl on; 
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server;
    }   
}

I have an AJAX search submission, for which I've set the url to https. Unfortunately, I'm still getting this error:

Mixed Content: The page at 'https://example.com/my/url/' was loaded 
over HTTPS, but requested an insecure XMLHttpRequest endpoint 
'http://example.com/login/?next=/amazon/%3FsearchTerms%3DmySearchTerms'. 
This request has been blocked; the content must be served over HTTPS.

What do I need to change in my nginx file to make this request work? It's basically because the login redirect isn't being set using https.

I've tried adding SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') per responses to Django @login_required dropping https, and the docs here but to no avail. Thanks for any help!

Source: https://stackoverflow.com/questions/29737089/how-do-i-use-a-login-redirect-with-https-in-django
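
The following is an added example, not part of the original question and not Django's own code: a simplified model of how a WSGI application behind the nginx `location /` block above derives the request scheme from a trusted proxy header, and why the scheme stays `http` when the configured header name differs from the one nginx sends. The function names and the absolute-URL login redirect are assumptions made for illustration; the header names and setting values are the ones shown in the question.

```python
# Simplified model of scheme detection behind a TLS-terminating proxy (added illustration).

# Headers the nginx "location /" block above sets on every proxied request.
NGINX_PROXY_HEADERS = {
    "X-Forwarded-Proto": "https",
    "X-Forwarded-Ssl": "on",
}


def wsgi_key(header_name):
    """WSGI exposes request header 'X-Foo-Bar' as environ key 'HTTP_X_FOO_BAR'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_environ(proxy_headers):
    """Environ as the app server sees it: nginx connects to it over plain HTTP."""
    environ = {"wsgi.url_scheme": "http"}
    for name, value in proxy_headers.items():
        environ[wsgi_key(name)] = value
    return environ


def request_scheme(environ, secure_proxy_ssl_header=None):
    """Trust the configured header if present, else fall back to the socket scheme."""
    if secure_proxy_ssl_header:
        key, secure_value = secure_proxy_ssl_header
        value = environ.get(key)
        if value is not None:
            return "https" if value.strip() == secure_value else "http"
    return environ["wsgi.url_scheme"]


def login_redirect(environ, next_path, secure_proxy_ssl_header=None, host="example.com"):
    """Absolute login URL built from the scheme the app believes it is on (assumed model)."""
    scheme = request_scheme(environ, secure_proxy_ssl_header)
    return f"{scheme}://{host}/login/?next={next_path}"


def setting_matches_proxy(secure_proxy_ssl_header, proxy_headers):
    """True only if the proxy always sets the trusted header to the secure value."""
    key, secure_value = secure_proxy_ssl_header
    sent = {wsgi_key(n): v for n, v in proxy_headers.items()}
    return sent.get(key) == secure_value


if __name__ == "__main__":
    env = build_environ(NGINX_PROXY_HEADERS)
    for setting in (("HTTP_X_FORWARDED_PROTOCOL", "https"), ("HTTP_X_FORWARDED_PROTO", "https")):
        print(setting[0], setting_matches_proxy(setting, NGINX_PROXY_HEADERS), login_redirect(env, "/amazon/", setting))
```

The `setting_matches_proxy` check also covers the security side of this setting: the header named in `SECURE_PROXY_SSL_HEADER` should be one the proxy sets itself on every request, since a header the proxy does not overwrite is passed through from the client unchanged.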
