Could you explain what types of tests require https (or otherwise expand on the rationale for adding this)? If the answer is that we don't want to have a separate "test settings" with all the SSL settings disabled (CSRF_COOKIE_SECURE, SECURE_HSTS_SECONDS, etc.) then I understand this, however, there was previous discussion about adding SSL support to runserver met with mixed reaction [1] and it seems a little funny to me that we'd including a test SSL server and not a runserver solution.
[1] https://groups.google.com/d/topic/django-developers/PgBcSEiUdw0/discussion On Monday, August 31, 2015 at 6:58:33 AM UTC-4, Jakub Gocławski wrote: > > Hi, > > Ticket: https://code.djangoproject.com/ticket/25328 > > I made a proposal to include a LiveServerTestCase, which runs an HTTPS > server instead of standard HTTP server. I've been asked to get more > feedback for this idea. > > If my refactor is merged I can release the test case as a separate app. > But including it in Django itself would encourage to write HTTPS-only > applications and to write Selenium tests for them. > I've seen recent moves to encourage various security "good habits" into > Django, like integrating "security header" in 1.8 ( > https://docs.djangoproject.com/en/1.8/ref/middleware/#module-django.middleware.security). > > Let's Enrypt (which should be released in November) will futher ease > enabling HTTPS. > Testing HTTPS-enabled site in Django should be just as easy as testing a > standard HTTP site. > > Do you think it's a good idea to add it to Django core? Or should I > release it as as a separate app? > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/91570cfc-0e36-4c6b-ba68-82c123dea894%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
