On 26/09/11 12:45, Tom Evans wrote: > On Sat, Sep 24, 2011 at 9:28 PM, Luke Plant <[email protected]> wrote: >> >> I'm happy to be proved wrong, of course. Apache is very popular, though, >> so if its hard in Apache, it could be said to be hard full stop. >> > > RequestHeader unset X-Forwarded-Protocol > > Not precisely what I'd call hard.
I am indeed happy to have been proved wrong :-) ... if slightly embarrassed... I suppose we should check that this definitely works in conjunction with mod_proxy and whichever module it is that sets X-Forwarded-Protocol/Ssl. > I suppose it is analogous to DB routers. Django doesn't provide > routers to handle the common ways to scale a database, but they are > simple enough to write for your specific setup. There is a simple way > to add your own fixups to requests, and it works, so we don't need to > burden the core or contrib with it. Given the security problems of getting HttpRequest.is_secure() wrong either way, and the common solution to this particular problem, I think it is better to have support in the core for this. Luke -- "I regret I wasn't born with opposable toes." (Calvin and Hobbes) Luke Plant || http://lukeplant.me.uk/ -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
