Merge pull request #130 from theskumar/fix-dj-secure

fix(security/dj-secure): add missing middleware of django-secure
2025-02-03 21:24:32 +03:00 · 2014-09-16 23:06:31 +05:30 · 2014-09-16 23:06:31 +05:30 · 8695c83fdf
commit 8695c83fdf
parent 037dbe8ec5 5d004ba6e4
2 changed files with 6 additions and 0 deletions
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py
@ -56,6 +56,8 @@ class Common(Configuration):

    # MIDDLEWARE CONFIGURATION
    MIDDLEWARE_CLASSES = (
+        # Make sure djangosecure.middleware.SecurityMiddleware is listed first
+        'djangosecure.middleware.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py
@ -22,6 +22,10 @@ from .common import Common

 class Production(Common):

+    # This ensures that Django will be able to detect a secure connection
+    # properly on Heroku.
+    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
    # INSTALLED_APPS
    INSTALLED_APPS = Common.INSTALLED_APPS
    # END INSTALLED_APPS