Skip to content

Commit

Permalink
fix: add setting variable to determine request scheme (#4438)
Browse files Browse the repository at this point in the history
  • Loading branch information
zawan-ila authored Sep 10, 2024
1 parent 025e8a3 commit 7e6e737
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions course_discovery/settings/production.py
Original file line number Diff line number Diff line change
Expand Up @@ -94,3 +94,10 @@
k.lower(): (v.replace("\\n", "\n") if k.lower() == "private_key" else v)
for (k, v) in GOOGLE_SERVICE_ACCOUNT_CREDENTIALS.items()
}

# IMPORTANT: With this enabled, the server must always be behind a proxy that
# strips the header X_FORWARDED_PROTO from client requests. Otherwise,
# a user can fool our server into thinking it was an https connection.
# See https://docs.djangoproject.com/en/5.1/ref/settings/#secure-proxy-ssl-header
# for other warnings.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

0 comments on commit 7e6e737

Please sign in to comment.