SECURE_SSL_REDIRECT setting for Django
From the docs:
Note
If turning this to True causes infinite redirects, it probably means your site is running behind a proxy and can’t tell which requests are secure and which are not. Your proxy likely sets a header to indicate secure requests; you can correct the problem by finding out what that header is and configuring the SECURE_PROXY_SSL_HEADER setting accordingly.
I'm getting infinite redirects, anyone know where you can find the header for this? I've tried SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') but it didn't work.
Any help would be much appreciated!Solution:Jump to solution
when in doubt, read the docs
https://docs.djangoproject.com/en/4.2/ref/settings/#secure-proxy-ssl-header...
5 Replies
Project ID:
N/AN/A
Solution
when in doubt, read the docs
https://docs.djangoproject.com/en/4.2/ref/settings/#secure-proxy-ssl-header
Right, not sure how I missed that. Was looking at another page on there.
I'm still not sure whether I should be using this though as there's a warning on the page:
Make sure ALL of the following are true before setting this (assuming the values from the example above):
Your Django app is behind a proxy.
Your proxy strips the X-Forwarded-Proto header from all incoming requests, even when it contains a comma-separated list of protocols. In other words, if end users include that header in their requests, the proxy will discard it.
Your proxy sets the X-Forwarded-Proto header and sends it to Django, but only for requests that originally come in via HTTPS.
Are all apps behind a proxy on Railway?
I have no idea
yes your apps are behind a proxy