On Tue, 2009-10-27 at 07:58 +0200, Jani Tiainen wrote:
> I'm trying to get Django to make authentication (namely username +
> password) to be transferred over HTTPS. But rest of the site is still on
> plain old HTTP.
>
> How this can be done? I've very little success and google didn't gave
> much of help either.
>
> I'm using Apache 2.2 with mod_wsgi and I've total control over my
> webserver config.
>
I use middleware[1] to do this. The 'trick' is to work out when you
should move from SSL to non SSL or vice versa, and then monkey patch
request.is_secure() in order to redirect to the required protocol.
Our scenario is slightly different, we run SSL accelerators in front of
our app servers, so the middleware also detects when SSL is in use and
patches request.is_secure() to reflect that. If your configuration
correctly understands when the request is SSL already, you can simply
drop the process_request() method.
Once the middleware is installed, you can either decorate a view with
the supplied @ssl_required decorator, or (preferred) you can mark the
view as SSL required in your urls.py, by adding an additional kwarg
'SSL'. Eg:
url(r'^login$', 'login', name='login', kwargs={'SSL': True}),
Cheers
Tom
[1] http://pastebin.com/f9e89d0a
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
