Force SSL on your Django admin site.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for return1 from gravatar.com return1

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (mit)

Author: Dominique Lederer

Tags django, ssl, https, middleware, admin

Classifiers

Project description

django-sslify-admin

Force SSL on your Django admin site

Install

To install django-sslify-admin, simply run pip install django-sslify-admin and you’ll get the latest version installed automatically.

Usage

Modify your Django settings.py file, and prepend sslifyadmin.middleware.SSLifyAdminMiddleware to your MIDDLEWARE_CLASSES setting:

MIDDLEWARE_CLASSES = (
    'sslifyadmin.middleware.SSLifyAdminMiddleware',
    # ...
)

NOTE: Make sure sslify.middleware.SSLifyMiddleware is the first middleware class listed, as this will ensure that if a user makes an unsecure request (over HTTP), they will be redirected to HTTPs before any actual processing happens.

Custom admin url?

If you are using a custom admin url, you have to set SSLIFY_ADMIN_NAMESPACE in your settings.py:

# SSLIFY_ADMIN_NAMESPACE = "admin" # default
SSLIFY_ADMIN_NAMESPACE = "myadminurl" # custom

Behind a Proxy? (Heroku)

If your Django app is behind a proxy (like Heroku), though, the proxy may be “swallowing” the fact that a request is HTTPS, using a non-HTTPS connection between the proxy and Django.

In this situation, you’ll want to configure the proxy (Heroku already does that for you) to set a custom HTTP header that tells Django whether the request came in via HTTPS, and you’ll want to set `SECURE_PROXY_SSL_HEADER so that Django knows what header to look for, like this:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

Notes

This code was taken and modified from this StackOverflow thread. This Project is also influenced by Randall Degges django-sslify, use this, if you want to secure your whole site, and not only the admin interface of Django.

Tests

Build Status

$ git clone https://github.com/return1/django-sslify-admin.git
$ cd django-sslify-admin
$ python setup.py develop
...
$ python setup.py test
Creating test database for alias 'default'...
..
----------------------------------------------------------------------
Ran 2 tests in 0.003s

OK
Destroying test database for alias 'default'...

License

http://return1.mit-license.org/

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for return1 from gravatar.com return1

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (mit)

Author: Dominique Lederer

Tags django, ssl, https, middleware, admin

Classifiers

Release history Release notifications | RSS feed

0.5.0

0.4

This version

0.3

0.2

0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-sslify-admin-0.3.tar.gz (3.4 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page