Secure_ssl_redirect setting for django does nothing on heroku

Question

I am deploying a Django app on heroku and trying to force https on all pages. I use the following settings for that:

SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

Now when I visit www.mysite.de it does in fact not redirect me to https. Any ideas what I am missing?

Is `SecurityMiddleware` enabled? – knbk Apr 27 '17 at 17:43 — knbk, Apr 27 '17 at 17:43

score 11 · Accepted Answer · answered Apr 27 '17 at 19:03

11

Try adding the following to your settings.py:

PREPEND_WWW = True
BASE_URL = "https://www.mysite.de"
ALLOWED_HOSTS = ['www.mysite.de', 'mysite.de']

Make sure you also have SecurityMiddleware and CommonMiddleware enabled.

answered Apr 27 '17 at 19:03

YPCrumble

1 Answers1