Hi, I have a Django/Python app that is hosted on Heroku. The app uses the Instagram API.
I am trying to secure the app by enforcing signed HTTP headers using X-Insta-Forwarded-For. The actual header value is constructed as - "The expected value is a combination of the client's IP address and a HMAC signed using the SHA256 hash algorithm with your client's IP address and Client Secret" Does anyone know what IP information should be used for a Heroku hosted app? - the app IP is dynamic and unpredictable but the Instagram devs have told me that just an approximate IP is required, possibly only a Heroku gateway IP. How do I find out what is a suitable IP? (I dont want to use a proxy to fix the IP). Also how do I actually add this header information to http headers? Middleware has been mentioned but I dont know where to start with coding a middleware solution. Is it possible to do this at the web server level on Heroku - would this be easier than middleware? Anyone had experience of a similar setup that could give me some pointers here. All info much appreciated. Thanks, S. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/d1af5890-29d5-4657-9bc1-219dcdeae473%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.