On Sat, Jan 1, 2011 at 7:17 PM, Jakob H <[email protected]> wrote:
> Hi,
>
> I'm using Satchmo to build a store for a Django-powered webpage.
> Satchmo provides a convenient middleware
> ('satchmo_store.shop.SSLMiddleware.SSLRedirect') which allows me to
> add { 'SSL' : True } arguments to my view specifications (in urls.py).
> This forwards requests to using the HTTPS protocol when so specified.
> There are other middlewares that do roughly the same thing, so this is
> not necessarily Satchmo-specific.
>
> I have some views configured to be forwarded to using SSL (HTTPS
> protocol). However, I also have some general Ajax views configured.
> E.g. I have one that updates a progress bar on every page once that
> page has loaded.
>
> The problem is the following: consider me having the following
> (abstract) specification in urls.py:
>
> VIEW1[SSL=True]
> AJAX1[SSL=False]
>
> where a client-side call to AJAX1 is performed once the page has fully
> loaded as generated by VIEW1. The page generated by VIEW1 should call
> AJAX1 using the HTTPS protocol, but the convenient middleware will
> forward it to HTTP, as specified above, which will cause problems
> (i.e. it will not work). If I set AJAX1[SSL=True] I will get problems
> when I access views using the HTTP protocol.
>
> Is there a way to make use of the above-mentioned convenient
> declarative middleware (just adding { 'SSL' : True } in view-
> specifications), but get around these kinds of problems?
>
> What are some common design patterns for these kinds of problems?
>
> Thanks,
> Jakob
>
I don't use satchmo, but is there a third option for SSL, None? In my
SSL middleware, setting SSL to True implies that the view must be
loaded over SSL, setting it to False implies that it must not be, and
not setting it implies that the middleware should stay out of it.
If you can finagle that, then you should do so for your AJAX
views, and refer to them in your templates/JS using URI references
rather than an absolute URI ('/foo/bar/' rather than
'http://wibble.com/foo/bar/'). This way, the browser will DTRT with
the protocol when making the ajax call - SSL when the view is loaded
over SSL, HTTP otherwise.
Cheers
Tom
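
Added example, not part of the original thread and not Satchmo's code: a sketch of the tri-state SSL setting described in the reply, combined with the way a browser resolves a relative reference against the page it was loaded from. The names ssl_redirect_target, URLCONF and ajax_call, the host shop.example and the paths are hypothetical.

```python
from urllib.parse import urljoin, urlsplit


def ssl_redirect_target(ssl_setting, url):
    """Tri-state decision for one request.

    True  -> view must be served over HTTPS
    False -> view must be served over HTTP
    None  -> 'SSL' was not set on the view; leave the request alone

    Returns the URL to redirect to, or None when no redirect is needed.
    """
    if ssl_setting is None:
        return None
    parts = urlsplit(url)
    wanted = "https" if ssl_setting else "http"
    if parts.scheme == wanted:
        return None
    return parts._replace(scheme=wanted).geturl()


# Constructed URL table mirroring the thread: path -> SSL setting.
URLCONF = {
    "/checkout/": True,        # VIEW1[SSL=True]
    "/ajax/progress/": None,   # AJAX view with SSL left unset
    "/ajax/legacy/": False,    # AJAX1[SSL=False], the problematic case
}


def ajax_call(page_url, reference):
    """Resolve `reference` against the page URL as a browser would,
    then apply the middleware decision to the resulting request.

    Returns (requested_url, redirect_url_or_None).
    """
    requested = urljoin(page_url, reference)
    setting = URLCONF.get(urlsplit(requested).path)
    return requested, ssl_redirect_target(setting, requested)


if __name__ == "__main__":
    for page in ("https://shop.example/checkout/", "http://shop.example/about/"):
        for ref in ("/ajax/progress/", "/ajax/legacy/"):
            print(page, ref, "->", ajax_call(page, ref))
```

With SSL unset, the AJAX request keeps the scheme of the page that issued it and is never redirected; with SSL=False, the same call from the HTTPS page is redirected to HTTP, which is the failure described in the question.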