0

I have an API working just fine on one URL (it returns a nice 201 CREATED):

curl -d @scan.json -H "Content-Type: application/json" -u admin -i -v "https://vincentle.pythonanywhere.com/api/beacons/"

But when I try to perform the same request without the SSL:

curl -d @scan.json -H "Content-Type: application/json" -u admin -i -v "http://vincentle.pythonanywhere.com/api/beacons/"

I get a 301 Moved Permanently response.

I have tried two fixes:

  1. I defined a URL without the trailing slash (after reading this post). This is not the solution, request with, or without slash will return 301.

  2. I added a header "HTTP_X_FORWARDED_PROTO: https" in my request, as I have the line SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') in my settings. This isn't the solution either.

Any idea?

Community
  • 1
  • 1
bixente57
  • 1,328
  • 4
  • 14
  • 29

1 Answers1

0

You need to look at where you are redirected to. My bet, your configuration does redirect http to https in which case it's an administration issue unrelating to Django / Django REST framework.

Linovia
  • 19,812
  • 4
  • 47
  • 48
  • I'm redirected to the https url. Maybe data is lost during redirect? – bixente57 Dec 07 '15 at 10:40
  • Yup, usually the redirection is a GET. I think you could force curl to resend the data by explicitly set -XPOST on top of your current arguments. – Linovia Dec 07 '15 at 13:11
  • I've added a SECURE_REDIRECT_EXEMPT = [r'.*/api/beacons/', ] in my settings, but my http is still redirecting to https, do you know why? – bixente57 Dec 08 '15 at 12:08
  • This may be linked to your front server configuration. Django isn't the only one here. – Linovia Dec 08 '15 at 13:58