django over https form redirection issues

Question

I am using Nginx + supervisord to host a django site behind SSL. The site index loads fine. Everything locally works fine without HTTPS using local server. I am using Django 1.4.2

For some reason I get weird redirections.

When using admin if I edit any item I get redirected to home page. When submitting new item for save I get 404 (but data is saved).

Non admin: Again form submit returns me to homepage instead of "success".

The reason for going to homepage I can explain. My nginx redirects all not http traffic to https://localhost with a 301 redirect. So I am guessing django does not think I need secure URLs in places.

The problem is django is not assuming secure url or rather request.is_secure is False.

I have noted this SO Accessing Django Admin over HTTPS behind Nginx Made the changes for proxy pass, i dont think it does anything to handle this. But here it is as is.

settings.py

SESSION_COOKIE_SECURE = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
CSRF_COOKIE_SECURE = True

warning: I am fairly new to django.

Answer 1

I removed the Nginx redirection. Django already handles the redirection correctly. This was the settings.py values I used together with my nginx proxy pass

SESSION_COOKIE_SECURE = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
CSRF_COOKIE_SECURE = True

Nginx proxy

 location / {
        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_connect_timeout 10;
        proxy_read_timeout 10;
        proxy_pass http://localhost:8000/;
    }

where localhost:8000 is where gunicorn is running.

I still have other issues but redirection problem is solved.