Scenario is this:
- Ã‚Â Django App is running on an instance with web server and has no SSL installed.
- SSL cert is installed on the ELB and the ELB is accepting requests for the django App (which is still non SSL)
Problem happens here is that URL’s that django generates is not secure i.e. HTTP as well as django isnot enforcing secure mode.
For this we can possibly use a Django middleware, example code
from django import http class ELBMiddleware(object): def process_request(self, request): if 'HTTP_X_FORWARDED_PROTO' in request.META: if request.META['HTTP_X_FORWARDED_PROTO'] == 'https': request.is_secure = lambda: True return None
Remember to save this middleware in your django directory and enable it in settings.py You know how right. hint: filename.Classname 🙂
suggestions? ideas, improvements are welcome.