Since I want to make sure that my application is as secure as possible, I
wanted to force all traffic to use HTTPS. At the bottom of my db.py, I have
this:
############ FORCED SSL #############
session.secure()
if not request.is_https:
redirect('https://%s/%s' % (request.env.http_host, request.application))
#####################################
It works great, secures the cookie, and redirects the user to the HTTPS
version of the site since session.secure() does not do this by itself. There
is one major problem with this, however, and that is that if I try to run a
script from cron, the script fails with a gluon.http.HTTP: 303 error due to
the fact that the script isn't using HTTPS.
So is there a way to tell if a request is from a cron script? Or is there a
better way to do the forced SSL connections? Thanks.
