0
我一直在Linode上使用以下SSLMiddleware一段时间,并且我的SSL在这方面工作完美,现在我已将服务器更改为Webfaction,并且突然间,我的HTTPS页面都没有因为它被正确地重定向到https页面,但是我所有的css文件,css文件中的图像(没有绝对url),javascript都变成了非安全源(指http://而不是https://) ,我现在真的很困惑,因为我不知道它是否与SSLMiddleware或其他内容有关,除了数据库参数值之外,我没有更改settings.py中的任何内容..请帮助。提前致谢。Webfaction上的Django SSL中间件问题
__license__ = "Python"
__copyright__ = "Copyright (C) 2007, Stephen Zabel"
__author__ = "Stephen Zabel - [email protected]"
__contributors__ = "Jay Parlar - [email protected]"
from django.conf import settings
from django.http import HttpResponseRedirect, HttpResponsePermanentRedirect, get_host
SSL = 'SSL'
class SSLRedirect:
def process_view(self, request, view_func, view_args, view_kwargs):
if SSL in view_kwargs:
secure = view_kwargs[SSL]
del view_kwargs[SSL]
else:
secure = False
if settings.ENABLE_SSL:
if not secure == self._is_secure(request):
return self._redirect(request, secure)
else:
return
def _is_secure(self, request):
if request.is_secure():
return True
#Handle the Webfaction case until this gets resolved in the request.is_secure()
if 'HTTP_X_FORWARDED_SSL' in request.META:
return request.META['HTTP_X_FORWARDED_SSL'] == 'on'
return False
def _redirect(self, request, secure):
protocol = secure and "https" or "http"
newurl = "%s://%s%s" % (protocol,get_host(request),request.get_full_path())
if settings.DEBUG and request.method == 'POST':
raise RuntimeError, \
"""Django can't perform a SSL redirect while maintaining POST data.
Please structure your views so that redirects only occur during GETs."""
return HttpResponsePermanentRedirect(newurl)
此解决方案是否适用于部分安全的网络应用?我的应用程序只有几个安全页面,包括登录,设置,这些页面URL不是静态的,具体取决于用户。 – user1047709
是的,你可以选择哪些页面应该安全送达,哪些可以不安全。 –