Issues with Redirect URLs Being HTTP Instead of HTTPS in Python Social Auth Django or AllAuth

Django
2018-07-12 20:24 (6 years ago) ytyng

With Django Social Auth's Django module and AllAuth, the protocol scheme of the redirect URL (callback_uri, redirect_uri, destination) was coming out as HTTP instead of HTTPS, which was troublesome.

Settings in Django

To create the URI, django.http.request.HttpRequest.build_absolute_uri is used.

Therefore, in your settings, define:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

Settings in nginx

If nginx is handling HTTPS requests, configure nginx as follows:

location / {
    proxy_set_header X-Forwarded-Proto $scheme;
    ...
}

Something like this.

If nginx is handling HTTP requests instead of HTTPS, for example, when HTTPS is terminated at an ELB (Elastic Load Balancer), use:

location / {
    proxy_set_header X-Forwarded-Proto https;
    ...
}

In other words, pass https directly as the header value.
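
Why both settings are needed, as an added example (not code from this post and not Django's own source): a simplified stand-in for how Django chooses the scheme that build_absolute_uri puts into the callback URL. The host name, the callback path and the function names are constructed for illustration.

```python
# Added example: simplified model of Django's scheme selection behind a proxy.
# This is not Django's code; names, host and path below are constructed.

CALLBACK_PATH = "/complete/example/"  # constructed callback path

# The value from the post, as it would appear in settings.py
SETTING = ("HTTP_X_FORWARDED_PROTO", "https")


def request_scheme(environ, secure_proxy_ssl_header=None):
    """Scheme the application would report for this request (simplified)."""
    if secure_proxy_ssl_header:
        header, secure_value = secure_proxy_ssl_header
        # The proxy header is consulted only when the setting is defined.
        if environ.get(header) == secure_value:
            return "https"
    # Setting absent or header not matching: scheme of the nginx -> app hop.
    return environ.get("wsgi.url_scheme", "http")


def redirect_uri(environ, secure_proxy_ssl_header=None):
    """Absolute callback URL, in the shape build_absolute_uri would return."""
    scheme = request_scheme(environ, secure_proxy_ssl_header)
    return f"{scheme}://{environ['HTTP_HOST']}{CALLBACK_PATH}"


# Constructed WSGI environ: the browser used HTTPS, nginx forwarded over HTTP
# and added X-Forwarded-Proto, which WSGI exposes as HTTP_X_FORWARDED_PROTO.
BEHIND_NGINX = {
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "app.example.com",
    "HTTP_X_FORWARDED_PROTO": "https",
}

# The same request when the nginx location block lacks proxy_set_header.
NO_HEADER = {k: v for k, v in BEHIND_NGINX.items()
             if k != "HTTP_X_FORWARDED_PROTO"}

if __name__ == "__main__":
    print("no Django setting :", redirect_uri(BEHIND_NGINX))
    print("setting + header  :", redirect_uri(BEHIND_NGINX, SETTING))
    print("setting, no header:", redirect_uri(NO_HEADER, SETTING))
```

Django's documentation says to set SECURE_PROXY_SSL_HEADER only when the proxy overwrites this header on every request it forwards, which the proxy_set_header line does.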
