#28359: SecurityMiddleware's SECURE_SSL_HOST only affects unsecure requests
-------------------------------------+-------------------------------------
     Reporter:  Matthias Kestenholz  |                    Owner:  Irindu Indeera
         Type:  New feature          |                   Status:  assigned
    Component:  HTTP handling        |                  Version:  master
     Severity:  Normal               |               Resolution:
     Keywords:                       |             Triage Stage:  Unreviewed
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  1                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Matthias Kestenholz):

 Yes, the patch would probably be backwards incompatible for the use case
 you describe. I also agree that this does not have much to do with
 security, but maybe neither has the `SECURE_SSL_HOST` functionality at all.

 I'd think that, in a scenario where there are multiple valid SSL hosts,
 you'd rather want to keep the domain (which means that `SECURE_SSL_HOST`
 would not be set), OR that you'd want a `next` parameter for a post login
 redirect (which means that the standard `SecurityMiddleware` would have to
 be replaced or augmented anyway).

 (Sorry for not replying earlier, I still am on vacation.)

--
Ticket URL: <https://code.djangoproject.com/ticket/28359#comment:6>