On Sat, Jan 17, 2015 at 10:03 AM, Larry Martell <larry.mart...@gmail.com> wrote:
> We have a django app accessed via SSL (i.e. with https). When we went
> to the admin site and it was redirected to admin/login/?next=/admin/
> because we were not logged in, the https was not carried over and the
> request failed. I added
>
> SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
>
> to my settings and then the admin redirect worked. But we have some
> clients that access the site with curl or python requests and after
> adding that all their existing code broke. They now all have to add a
> referer to all their requests for them to work.
>
> My question is, is there a way to make the admin redirect work but not
> require all the other requests to have a referer? A non redirected
> request from the browser works, and that doesn't have a referer, so
> why is it required on the curl requests?
I found this:
https://code.djangoproject.com/ticket/16870
Which I guess answers my question.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CACwCsY68vhY2jt%3DERxVO3BFd4U5TJr4ewdEtCbpyNHUB8x23%3DQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
