• This repository has been archived on 14/Mar/2024
  • Stars
    star
    336
  • Rank 125,564 (Top 3 %)
  • Language
    Python
  • License
    The Unlicense
  • Created over 12 years ago
  • Updated about 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Force SSL on your Django site.

django-sslify

Do you want to force HTTPs across your Django site? You're in the right place!

django-sslify Release django-sslify Downloads django-sslify Build

Guardian Sketch

Meta

Purpose

Enabling SSL on your Django site should be easy, easy as in one-line-of-code easy. That's why I wrote django-sslify!

The goal of this project is to make it easy for people to force HTTPS on every page of their Django site, API, web app, or whatever you're building. Securing your site shouldn't be hard.

Using Django 1.8 or later?

This package was written before Django 1.8. If you are using Django 1.8 or later, you do not need this library in order to force HTTPS. Instead, you can just change your settings.py file to include SECURE_SSL_REDIRECT.

# in settings.py
SECURE_SSL_REDIRECT = True

If you are using Heroku, you may need to add SECURE_PROXY_SSL_HEADER as well.

# in settings.py
SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

Django's documentation includes more details about security settings for HTTPS.

If you are using an older version of Django (1.7 or earlier), then this package is for you.

Installation

To install django-sslify, simply run:

$ pip install django-sslify

This will install the latest version of the library automatically.

If you're using Heroku, you should add django-sslify>=0.2 to your requirements.txt file:

$ echo 'django-sslify>=0.2.0' >> requirements.txt

Once you've done this, the next time you push your code to Heroku this library will be installed for you automatically.

Usage

To use this library, and force SSL across your Django site, all you need to do is modify your settings.py file, and prepend sslify.middleware.SSLifyMiddleware to your MIDDLEWARE_CLASSES setting:

# settings.py

MIDDLEWARE_CLASSES = (
    'sslify.middleware.SSLifyMiddleware',
    # ...
)

Note

Make sure sslify.middleware.SSLifyMiddleware is the first middleware class listed, as this will ensure that if a user makes an insecure request (over HTTP), they will be redirected to HTTPs before any actual processing happens.

If you're using Heroku, you should also add the following settings to your Django settings file:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

This ensures that Django will be able to detect a secure connection properly.

Using a Custom SSL Port

If your site is running on a non-standard SSL port, you can change django-sslify's default redirection behavior by setting a special variable in your settings.py file:

SSLIFY_PORT = 999

Disabling SSLify

If you'd like to disable SSLify in certain environments (for local development, or running unit tests), the best way to do it is to modify your settings file and add the following:

SSLIFY_DISABLE = True

You can also disable SSLify for certain requests only (useful for exposing HTTP-only web hook URLs, etc) by adding a callable with a single request parameter to the SSLIFY_DISABLE_FOR_REQUEST list. Returning True from your callable will disable SSL redirects.

SSLIFY_DISABLE_FOR_REQUEST = [
    lambda request: request.get_full_path().startswith('/no_ssl_please')
]

Notes

This code was initially taken from this StackOverflow thread.

This code has been adopted over the years to work on Heroku, and non-Heroku platforms.

If you're using Heroku, and have no idea how to setup SSL, read this great article which talks about using the new SSL endpoint addon (which totally rocks!).

NGINX + Infinite Redirect

If you're running your Django app behind an Nginx load balancer, and are seeing infinite redirects, the solution is to add the following line:

proxy_set_header X-Forwarded-Proto $scheme;

To your nginx.conf file, inside of the relevant location blocks. This Stack Overflow thread might also be useful.

Contributing

This project is only possible due to the amazing contributors who work on it!

If you'd like to improve this library, please send me a pull request! I'm happy to review and merge pull requests.

The standard contribution workflow should look something like this:

  • Fork this project on Github.
  • Make some changes in the master branch (this project is simple, so no need to complicate things).
  • Send a pull request when ready.

Also, if you're making changes, please write tests for your changes -- this project has a full test suite you can easily modify / test.

To run the test suite, you can use the following commands:

$ cd django-sslify
$ python setup.py develop
$ python manage.py test sslify

Change Log

All library changes, in descending order.

Version 0.2.8

Released January 15, 2018.

  • Adding Django 1.10 compatibility.
  • Fixing markup.
  • Updating Travis CI for 1.9.

Version 0.2.5

Released December 28, 2014.

  • Adding in new SSLIFY_DISABLE_FOR_REQUEST setting which allows a user to specify functions that can choose to reject SSL -- this is useful for situations where you might want to force SSL site-wide EXCEPT in a few circumstances (webhooks that don't support SSL, for instance).

Version 0.2.4

Released on November 23, 2014.

  • Adding the ability to specify a custom SSL port.
  • Totally revamping docs.
  • Changing project logo / mascot thingy ^^
  • Adding new tests for custom SSL ports.

More Repositories

1

ipify-api

A public IP API service.
Go
1,737
star
2

django-skel

A modern Django (1.5) project skeleton.
Python
518
star
3

django-twilio

A simple library for building twilio-powered Django webapps.
Python
327
star
4

skele-cli

A skeleton command line program in Python.
Python
293
star
5

simpleq

A simple, infinitely scalable, SQS based queue.
Python
165
star
6

flask-dynamo

DynamoDB integration for Flask.
Python
141
star
7

python-ipify

The official client library for ipify: A Simple IP Address API.
Python
138
star
8

cryptocompare

A static website that compares cryptocurrency prices for popular currencies.
HTML
123
star
9

chatapp

A simple WebRTC and Okta front-end app.
JavaScript
122
star
10

go-ipify

The official client library for ipify: A Simple IP Address API.
Go
119
star
11

ss-auth

Stupid Simple Authentication
JavaScript
110
star
12

python-amazonify

The simplest way to build Amazon Affiliate links, in Python.
Python
104
star
13

brute

Simple brute forcing in Python.
Python
101
star
14

django-heroku-memcacheify

Automatic Django memcached configuration on Heroku.
Python
100
star
15

svcc-auth

Demo code for my Silicon Valley Code Camp talk about authentication in Node.js!
JavaScript
97
star
16

pycall

A flexible python library for creating and using Asterisk call files.
Python
92
star
17

django-clear-cache

A simple Django management command which clears your cache.
Python
88
star
18

django-ganalytics

Simple Google Analytics integration for Django.
Python
48
star
19

pelican-minify

An HTML minification plugin for Pelican, the static site generator.
Python
47
star
20

django-heroku-postgresify

Automatic Django database configuration on Heroku.
Python
46
star
21

btc

Buy, sell, and transfer bitcoin instantly in your terminal!
Python
45
star
22

flask-heroku-cacheify

Automatic Flask cache configuration on Heroku.
Python
41
star
23

python-basicauth

An incredibly simple HTTP basic auth implementation.
Python
36
star
24

useragent-api

A random user agent API service.
Python
34
star
25

energy-tracker

A simple script (meant to be run via cron) that tracks your Mac laptop's energy usage in watt hours.
Shell
33
star
26

dot-tmux

My tmux dotfiles.
21
star
27

dot-vim

My vim dotfiles.
Vim Script
16
star
28

rdegges-www

My personal website and blog.
SCSS
10
star
29

flask-simple

SimpleDB integration for Flask.
Python
10
star
30

flask-heroku-rqify

Automatic RQ configuration for your Heroku Flask applications.
Python
10
star
31

dot-git

My git dotfiles.
8
star
32

dot-zsh

My ZSH dotfiles.
Shell
6
star
33

rdegges-blog

My personal writings.
6
star
34

cagi

An Asterisk 1.6+ compatible AGI library in C.
C
5
star
35

dog-name-picker

A Python script I used to pick my dog's name.
Python
4
star
36

node-camels

Easily convert to and from camelCase and under_score notation.
JavaScript
3
star
37

skele

A simple, modern, Express 4.x skeleton.
JavaScript
2
star
38

django-coverage

Fork of the popular django-coverage package.
2
star
39

dot-pip

My pip dotfiles.
2
star
40

bitrich-www

HTML
2
star
41

ice-breaker

A simple cross-platform CLI tool that destroys Amazon Glacier vaults.
Go
1
star
42

iterate-banner

Code I used to generate a cool opening video at the Iterate conference in 2018.
Python
1
star
43

dsobook.club

Source code for the DevSecOps Book Club website.
HTML
1
star
44

rondegges-www

My dad's website.
CSS
1
star
45

postgression-www

The public facing website for postgression.com.
1
star
46

dot-python

Dotfiles for managing Python.
Shell
1
star
47

codehappy-www

The public facing Code Happy website.
Pug
1
star
48

sofind

A simple CLI tool to find good StackOverflow users.
JavaScript
1
star
49

actiontest

testing...
1
star
50

generator-momma

yeoman generator for yo momma
JavaScript
1
star
51

python-data247

An API client for Data 24-7.
Python
1
star