Skip to content

feat: recognize HTTPS via proxy #7765

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rjsparks merged 2 commits into from
Aug 5, 2024
Merged

feat: recognize HTTPS via proxy #7765

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3d1eb8f
feat: set SECURE_PROXY_SSL_HEADER
jennifer-richards Jul 29, 2024
199c1a3
chore: update comment
jennifer-richards Jul 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions k8s/settings_local.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,13 @@ def _multiline_to_list(s):
# Default to "development". Production _must_ set DATATRACKER_SERVER_MODE="production" in the env!
SERVER_MODE = os.environ.get("DATATRACKER_SERVER_MODE", "development")

# Use X-Forwarded-Proto to determine request.is_secure(). This relies on CloudFlare overwriting the
# value of the header if an incoming request sets it, which it does:
# https://developers.cloudflare.com/fundamentals/reference/http-request-headers/#x-forwarded-proto
# See also, especially the warnings:
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")

# Secrets
_SECRET_KEY = os.environ.get("DATATRACKER_DJANGO_SECRET_KEY", None)
if _SECRET_KEY is not None:
Expand Down