Issues with Redirect URLs Being HTTP Instead of HTTPS in Python Social Auth Django or AllAuth
2018-07-12 20:24 (6 years ago)
ytyng
Django Social Auth's Django module and AllAuth's redirection protocol scheme becoming HTTP instead of HTTPS (callback_uri, redirect_uri, destination) was troublesome.
Settings in Django
To create the URI, django.http.request.HttpRequest.build_absolute_uri is used.
Therefore, in your settings, define:
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
Settings in nginx
If nginx is handling HTTPS requests, configure nginx as follows:
location / {
proxy_set_header X-Forwarded-Proto $scheme;
...
Something like this,
If nginx is handling HTTP requests instead of HTTPS, for example, when HTTPS is terminated at an ELB (Elastic Load Balancer), use:
location / {
proxy_set_header X-Forwarded-Proto https;
...
You should directly pass the HTTPS header.
The author runs the application development company Cyberneura.
We look forward to discussing your development needs.
We look forward to discussing your development needs.