Based on http://djangosnippets.org/snippets/85/ with a few additional tweaks.
The watersheep middleware will look for a
SECURE_REQUIRED_PATHS variable in
settings.py and redirect any non-HTTPS requests for them to HTTPS
versions. Child paths of those paths will also be redirected.
Once a user is logged in, all non-HTTPS requests are redirected to HTTPS versions to help prevent session-jacking.
There's also a decorator to let you mark specific views as HTTPS-only.
- Django 1.1+
- Pip, virtualenv, etc
Install into your virtualenv with pip:
pip install -e hg+http://bitbucket.org/dwaiter/django-watersheep#egg=watersheep
There's also a git mirror if you prefer:
pip install -e git+http://github.com/dwaiter/django-watersheep#egg=watersheep
Add the middleware to
MIDDLEWARE_CLASSES after the authentication
MIDDLEWARE_CLASSES = ( # ... 'django.contrib.auth.middleware.AuthenticationMiddleware', # ... 'watersheep.middleware.SecureRequiredMiddleware', # ... )
SECURE_REQUIRED_PATHS setting to define what URLs should be
SECURE_REQUIRED_PATHS = ( '/login', '/logout', '/admin', # ... )
To use the decorator:
from watersheep.decorator import secure_required # ... @secure_required def photo_edit(request, slug): # ...