Thursday, November 29, 2012

Re: Enforce HTTPS for authenticated users but HTTP for anonymous

Could this be achieved, in a view, by querying if the user is logged in and if so, redirecting to the same page but with HTTPS? Something like:

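from django.http import HttpResponseRedirect

def index(request):
  if request.user.is_authenticated() and not request.is_secure():
    # redirect to the same URL over HTTPS
    return HttpResponseRedirect('https://' + request.get_host() + request.get_full_path())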

One could argue though that to keep things as simple and robust as possible, running everything over HTTPS would be a better choice. Is HTTPS that much more compute intensive with your traffic?


    J


On Thursday, 29 November 2012 11:32:28 UTC+2, Roarster wrote:
Is there any easy way to have a django site enforce HTTPS for authenticated users while any anonymous users would default to HTTP?  This would allow me to protect the sessions and cookies for users who have logged on while conserving server resources for those who aren't authenticated (I would assume the majority of connections).  As part of this it would also make sense for me to ensure the login and register pages also use HTTPS to protect any passwords.

I'm not sure if it's relevant but I'm using Nginx as a web server with uwsgi dealing with the django requests.

Thanks.

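Added example, not part of the thread or of Django: once the session cookie carries the Secure flag (Django's SESSION_COOKIE_SECURE), it is never sent over plain HTTP, so a check on request.user cannot see the login there. The WSGI middleware below instead redirects on a non-secret marker cookie set at login and on the login/register paths. The cookie name, the path prefixes and the assumption that the front end passes the real scheme in wsgi.url_scheme are illustrative choices.

```python
from http.cookies import SimpleCookie

# Assumed names, not taken from the thread: the marker cookie and the path list.
MARKER_COOKIE = "logged_in"          # non-secret flag, set at login without Secure
HTTPS_ONLY_PREFIXES = ("/login", "/register")


def needs_https(environ):
    """True when a plain-HTTP request must be moved to HTTPS."""
    if environ.get("wsgi.url_scheme") == "https":
        return False
    path = environ.get("PATH_INFO", "/")
    if path.startswith(HTTPS_ONLY_PREFIXES):
        return True  # credentials are about to be submitted
    cookies = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    # The real session cookie carries Secure, so it never arrives over HTTP;
    # only the marker can tell us this browser has a session.
    return MARKER_COOKIE in cookies


class HttpsForLoggedIn:
    """WSGI middleware: redirect to HTTPS for login pages and logged-in users."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if needs_https(environ):
            host = environ.get("HTTP_HOST", environ.get("SERVER_NAME", ""))
            url = "https://" + host + environ.get("PATH_INFO", "/")
            if environ.get("QUERY_STRING"):
                url += "?" + environ["QUERY_STRING"]
            start_response("302 Found", [("Location", url), ("Content-Length", "0")])
            return [b""]
        return self.app(environ, start_response)


def demo_request(path, scheme="http", cookie=""):
    """Run one constructed request through the middleware; return (status, location)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]
    environ = {"wsgi.url_scheme": scheme, "PATH_INFO": path,
               "HTTP_HOST": "example.test", "HTTP_COOKIE": cookie, "QUERY_STRING": ""}
    HttpsForLoggedIn(app)(environ, start_response)
    return seen["status"], seen["headers"].get("Location")
```

The marker cookie must carry no secret and grant no access; it only triggers the redirect, and the session itself is still decided by the Secure session cookie over HTTPS.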
