问题
I'm using django-braces' LoginRequiredMixin
for one of my views. Basically, this adds a query string of ?next=/my/desired/url
to http://example.com/login/
.
The issue is, I'm using an ssl certificate across my site. My nginx file is as below:
upstream app_server {
server 127.0.0.1:9000 fail_timeout=0;
}
#
# Redirect all www to non-www
#
server {
server_name www.example.com;
ssl_certificate /src/bin/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/STAR_example_com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
listen *:80;
listen *:443 ssl spdy;
listen [::]:80 ipv6only=on;
listen [::]:443 ssl spdy ipv6only=on;
return 301 https://example.com$request_uri;
}
#
# Redirect all non-encrypted to encrypted
#
server {
server_name example.com;
listen *:80;
listen [::]:80;
return 301 https://example.com$request_uri;
}
server {
server_name example.com;
ssl_certificate /src/bin/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/STAR_example_com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
listen *:443 ssl spdy;
listen [::]:443 ssl spdy;
# rest goes here...
root /usr/share/nginx/html;
index base.html index.html index.htm;
client_max_body_size 4G;
keepalive_timeout 5;
# Your Django project's media files - amend as required
location /media {
alias /src/example/media;
expires 1y;
add_header Cache-Control "public";
}
# your Django project's static files - amend as required
location /static {
alias /src/static;
expires 1y;
add_header Cache-Control "public";
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
}
I have an AJAX search submission, for which I've set the url to https. Unfortunately, I'm still getting this error:
Mixed Content: The page at 'https://example.com/my/url/' was loaded
over HTTPS, but requested an insecure XMLHttpRequest endpoint
'http://example.com/login/?next=/amazon/%3FsearchTerms%3DmySearchTerms'.
This request has been blocked; the content must be served over HTTPS.
What do I need to change in my nginx file to make this request work? It's basically because the login redirect isn't being set using https.
I've tried adding SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
per responses to Django @login_required dropping https, and the docs here but to no avail. Thanks for any help!
来源:https://stackoverflow.com/questions/29737089/how-do-i-use-a-login-redirect-with-https-in-django