0

I was interested in imposing https on my entire python django project. I found this solution and it looks promising. I made these changes to the equivalent of my settings.py

SECURE_SSL_REDIRECT = True
SECURE_HSTS_SECONDS = 60
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_FRAME_DENY = True
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True

and 

MIDDLEWARE_CLASSES = (
# This middleware is for ensuring that all pages use https
'djangosecure.middleware.SecurityMiddleware',
...

and

INSTALLED_APPS = (
# for https
'djangosecure',
...

When I run python manage.py checksecure, the message I get is All clear!, however, when I deploy to google apps engine, I get this error:

File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/django-    1.5/django/core/handlers/base.py", line 51, in load_middleware
raise exceptions.ImproperlyConfigured('Error importing middleware %s: "%s"' %   (mw_module, e))
ImproperlyConfigured: Error importing middleware django-secure-    1.0.1.djangosecure.middleware: "No module named django-secure-   1.0.1.djangosecure.middleware"

What am I doing wrong?

Matt Cremeens
  • 4,951
  • 7
  • 38
  • 67

1 Answers1

1

There is no module named 'django-secure' installed in the Google App engine environment. You'll need to make this module available to your application inside Google App engine.

Here is a question and answer which gives instructions on how to do this.

Community
  • 1
  • 1
aychedee
  • 24,871
  • 8
  • 79
  • 83
  • So, when I deploy the app to google app engine, that's not enough? – Matt Cremeens Dec 26 '14 at 22:42
  • Correct! That's what the error is telling you. It looks like Google App Engine has no way of actually installing Python modules properly so you have to include the whole module in your project. – aychedee Dec 26 '14 at 23:03
  • OK, great. Sorry, I'm a little new at this. I have the entire library downloaded and I used `pip install django-secure`. I've looked at the link you provided, but I think I need to look at it again because it is still unclear to me how I make sure google app engine has everything it needs. – Matt Cremeens Dec 26 '14 at 23:21
  • What operating system are you using? Windows? Mac? Linux? – aychedee Dec 27 '14 at 00:02
  • Okay, so maybe try using this answer to find the location of your installed module: http://stackoverflow.com/questions/122327/how-do-i-find-the-location-of-my-python-site-packages-directory. Then you can copy the entire `django-secure` folder into your project directory. – aychedee Dec 27 '14 at 06:13
  • This link might be helpful too - http://stackoverflow.com/questions/4863557/how-do-i-manage-third-party-python-libraries-with-google-app-engine-virtualenv – Craig Blaszczyk Dec 27 '14 at 09:52
  • @aychedee, I found it. So where in my project directory should I copy it? Where settings is? The root? – Matt Cremeens Dec 27 '14 at 12:18
  • Wow! That worked, and the address bar showed `https` prepended to to the url, but the page didn't display. :( – Matt Cremeens Dec 27 '14 at 12:28
  • don't you have to pay extra for HTTPS now, or has that changed? – Paul Collingwood Dec 27 '14 at 12:45
  • @PaulCollingwood, from what I can tell, aychedee, provided the correct solutions, so I am marking it, but google app engine only supports https if you use their .appspot subdomain. I spent way too much time figuring that out, but I appreciate all the help. – Matt Cremeens Dec 27 '14 at 13:36
  • Yeah, I've never found app engine to be the most straight forward, or even Python friendly platform. You could have a look at PythonAnywhere, – aychedee Dec 27 '14 at 17:31