From 5d004ba6e4ea55fe0fcf5d70f8f859b8a9f2b2d5 Mon Sep 17 00:00:00 2001 From: Saurabh Kumar Date: Sat, 13 Sep 2014 02:02:43 +0530 Subject: [PATCH] fix(security/dj-secure): add missing middleware of django-secure - For the working of django-secure the middleware class needs to be added. (http://django-secure.readthedocs.org/en/latest/index.html#usage) - add correct values for SECURE_PROXY_SSL_HEADER for heroku --- .../{{cookiecutter.repo_name}}/config/common.py | 2 ++ .../{{cookiecutter.repo_name}}/config/production.py | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py index a7d64cfb..caa4d199 100644 --- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py +++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py @@ -56,6 +56,8 @@ class Common(Configuration): # MIDDLEWARE CONFIGURATION MIDDLEWARE_CLASSES = ( + # Make sure djangosecure.middleware.SecurityMiddleware is listed first + 'djangosecure.middleware.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', diff --git a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py index 909871e8..bc5ae8de 100644 --- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py +++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py @@ -22,6 +22,10 @@ from .common import Common class Production(Common): + # This ensures that Django will be able to detect a secure connection + # properly on Heroku. + SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') + # INSTALLED_APPS INSTALLED_APPS = Common.INSTALLED_APPS # END INSTALLED_APPS
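Review bot: The new `'djangosecure.middleware.SecurityMiddleware'` entry goes into `Common.MIDDLEWARE_CLASSES`, so every configuration that inherits from `Common` loads it, while the only django-secure setting this commit touches lives in `Production`. If the `djangosecure` package is installed only for production (the requirements files are not visible here, so this needs checking), local and test runs would fail when the middleware is imported. Either confirm the package is in the base requirements, or prepend the middleware in `Production` instead: `MIDDLEWARE_CLASSES = ('djangosecure.middleware.SecurityMiddleware',) + Common.MIDDLEWARE_CLASSES`. The tuple continues past the end of the hunk.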
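Review bot: `SECURE_PROXY_SSL_HEADER` is set unconditionally in `Production`, and it makes Django trust the `X-Forwarded-Proto` request header when deciding whether a request is secure. That is only sound when a proxy in front of the app sets or strips that header on every request. Served directly, or behind a proxy that passes the client's value through, a plain-HTTP request carrying the header is treated as HTTPS and the SSL redirect would no longer apply to it. Because this is a project template that may be deployed somewhere other than Heroku, the comment should state the precondition, e.g. `# Trust X-Forwarded-Proto only because the Heroku router sets it; remove this setting if no trusted proxy overwrites the header.` The `Production` class continues outside the hunk.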