0

Essentially, I want to turn SECURE_SSL_REDIRECT to true. But reading through the Django docs, I get the impression this can compromise the project's security if it's not behind a proxy.

Am I understanding that correctly, and if so, how should I go about doing HTTP->HTTPS redirects when not behind a proxy?

Thanks!

b00n.

1 Answer

0

If anyone finds this, it looks like using Heroku means this is fine, as Heroku writes the X_FORWARDED_PROTO header regardless of what the incoming header is, so there's no way for it to be set as https maliciously.

b00n.
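
The trust relationship described in the answer above, as an added example that is not part of the original post and is not Django's own code: a simplified Python model of when `SECURE_SSL_REDIRECT` redirects, assuming the documented behaviour of `SECURE_PROXY_SSL_HEADER`. The names `edge_proxy`, `needs_redirect` and `run_cases` are hypothetical, and the spoofed request is constructed.

```python
# Added example: a simplified model, not Django's source code.
# It mirrors the documented behaviour of SECURE_SSL_REDIRECT and
# SECURE_PROXY_SSL_HEADER; all function names here are hypothetical.

PROXY_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")  # a SECURE_PROXY_SSL_HEADER value
# Constructed request: sent over plain HTTP, but the client claims https.
SPOOFED = {"HTTP_X_FORWARDED_PROTO": "https"}


def edge_proxy(client_meta, client_used_tls, overwrite):
    """Forward a request; overwrite=True always sets the header itself."""
    meta = dict(client_meta)
    if overwrite:
        meta["HTTP_X_FORWARDED_PROTO"] = "https" if client_used_tls else "http"
    return meta


def is_secure(meta, wire_is_tls, secure_proxy_ssl_header):
    """Pick the scheme: trusted header if configured and present, else the wire."""
    if secure_proxy_ssl_header:
        name, secure_value = secure_proxy_ssl_header
        value = meta.get(name)
        if value is not None:
            return value.split(",", 1)[0].strip() == secure_value
    return wire_is_tls


def needs_redirect(meta, wire_is_tls, secure_proxy_ssl_header):
    """SECURE_SSL_REDIRECT = True: redirect every request not seen as secure."""
    return not is_secure(meta, wire_is_tls, secure_proxy_ssl_header)


def run_cases():
    return {
        # Proxy overwrites the header: the client's claim is discarded.
        "overwriting_proxy": needs_redirect(edge_proxy(SPOOFED, False, True), False, PROXY_HEADER),
        # Proxy passes the header through: plain HTTP is treated as secure.
        "passthrough_proxy": needs_redirect(edge_proxy(SPOOFED, False, False), False, PROXY_HEADER),
        # No proxy and SECURE_PROXY_SSL_HEADER unset: the header is ignored.
        "no_proxy_header_unset": needs_redirect(SPOOFED, False, None),
    }


if __name__ == "__main__":
    for case, redirect in run_cases().items():
        print(f"{case}: redirect to https = {redirect}")
```

Only the pass-through case skips the redirect. With no proxy and `SECURE_PROXY_SSL_HEADER` left unset, the scheme comes from the connection itself, so a client-supplied header has no effect.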