当我将新资源发布到我的 RESTful Tastypie API 时,我创建了一个资源并得到了这样的 201 响应:
HTTP/1.1 201 CREATED
Content-Type: text/html; charset=utf-8
Date: Wed, 19 Sep 2012 01:02:48 GMT
Location: http://example.com/api/v1/resource/12/
Server: gunicorn/0.14.6
Content-Length: 0
Connection: keep-alive
太棒了!除了我发布到 HTTPS URL 并希望返回 HTTPS Location
header 。我如何配置 tastypie 来执行此操作?
添加
我正在使用一些中间件来强制使用 SSL,但我认为这不是导致此问题的原因。无论如何,它在这里:
class SSLifyMiddleware(object):
# Derived from https://github.com/rdegges/django-sslify
def process_request(self, request):
if not any((not settings.FORCE_SSL, request.is_secure(), request.META.get('HTTP_X_FORWARDED_PROTO', '') == 'https')):
url = request.build_absolute_uri(request.get_full_path())
secure_url = url.replace('http://', 'https://')
return HttpResponseRedirect(secure_url)
添加
这是一个 Heroku 应用。
最佳答案
正如我们所确定的,以 http
而不是 https
开头的 URL 的原因是 request.is_secure()
是 错误
。
有几个可能的原因导致 request.is_secure()
为 False
,例如在使用 HTTP 连接到服务器的负载平衡器或反向代理后面,而客户端和负载平衡器/反向代理之间的连接是使用 SSL 建立的。
请查看 SECURE_PROXY_SSL_HEADER
的文档,这是一些解决方案,如果您在代理或负载平衡器后面:
If your Django app is behind a proxy, though, the proxy may be "swallowing" the fact that a request is HTTPS, using a non-HTTPS connection between the proxy and Django. In this case, is_secure() would always return False -- even for requests that were made via HTTPS by the end user.
In this situation, you'll want to configure your proxy to set a custom HTTP header that tells Django whether the request came in via HTTPS, and you'll want to set SECURE_PROXY_SSL_HEADER so that Django knows what header to look for.
关于django - Tastypie POST 位置 HTTPS 与 HTTP,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/12488285/