6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Forcing https in Django\",\"text\":\"

I'm trying to encrypt my entire site over SSL. However, I'm not finding a clear cut way to do this with Django 1.4. Does anyone know a solution?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"brod\"},\"upvoteCount\":2,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

You could use a middleware such as those provided in django-secure or you could handle this at the Apache/Nginx/HAProxy level by redirecting all HTTP requests to HTTPS.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Mark Lavin\"},\"upvoteCount\":6}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","django",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/django/1","children":"django"}]}],["$","span","encryption",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/encryption/1","children":"encryption"}]}],["$","span","ssl",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ssl/1","children":"ssl"}]}],["$","span","https",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/https/1","children":"https"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/eb2092088c6b57a1147d6e69d19be5a9?s=256&d=identicon&r=PG","alt":"brod","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1408431/brod","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"brod"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",99]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Forcing https in Django"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I'm trying to encrypt my entire site over SSL. However, I'm not finding a clear cut way to do this with Django 1.4. Does anyone know a solution?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",4092]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","20071329",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/Ck19n.jpg?s=256","alt":"Chris Berry","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/2258710/chris-berry","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Chris Berry"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",588]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

On apache+django (1.6) this can be done a number of ways but a simple way can be done in the .htaccess or httpd.conf file is:

\n\n

RewriteEngine On\nRewriteCond %{HTTPS} off\nRewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URL}\n

\n\n

Here's a link for further info on it:

\n\n

http://wiki.apache.org/httpd/RewriteHTTPToHTTPS

\n\n

To be sure the session and csrf cookies are not leaked by the client over plain http connections you should ensure that they are set as 'secure cookies' and only sent by the client over https. This can be done as follows in your settings.py file:

\n\n

CSRF_COOKIE_SECURE = True\nSESSION_COOKIE_SECURE = True\n

\n\n

An intro to django security, including SSL/HTTPS (a must read):

\n\n

https://docs.djangoproject.com/en/1.6/topics/security/

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",3]}]}]]}],["$","div","11801656",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/de77fafcd2dd1e7d5a159793ea51b563?s=256&d=identicon&r=PG","alt":"Mark Lavin","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/61539/mark-lavin","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Mark Lavin"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",25164]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

You could use a middleware such as those provided in django-secure or you could handle this at the Apache/Nginx/HAProxy level by redirecting all HTTP requests to HTTPS.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",6]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","49112365",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/49112365","className":"text-blue-600 hover:underline","children":"Django redirecting http -> https"}]}],["$","li","1548210",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/1548210","className":"text-blue-600 hover:underline","children":"How to force the use of SSL for some URL of my Django Application?"}]}],["$","li","41221890",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/41221890","className":"text-blue-600 hover:underline","children":"Redirect http to https in Django (using sslserver)"}]}],["$","li","37764725",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/37764725","className":"text-blue-600 hover:underline","children":"Serving Django site over HTTPS"}]}],["$","li","4486173",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4486173","className":"text-blue-600 hover:underline","children":"how to create a SSL Secure Connection using django "}]}],["$","li","21728951",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/21728951","className":"text-blue-600 hover:underline","children":"Django and SSL Server"}]}],["$","li","18025589",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/18025589","className":"text-blue-600 hover:underline","children":"Making an HTTPS site using Django"}]}],["$","li","17018698",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/17018698","className":"text-blue-600 hover:underline","children":"Django defaulting to HTTPS"}]}],["$","li","7643941",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7643941","className":"text-blue-600 hover:underline","children":"Django Site encryption"}]}],["$","li","4790430",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4790430","className":"text-blue-600 hover:underline","children":"How do I require HTTPS for this Django view?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Forcing https in Django

Answers (2)

Related Questions