django-watersheep / README.markdown

Based on with a few additional tweaks.

The watersheep middleware will look for a SECURE_REQUIRED_PATHS variable in your and redirect any non-HTTPS requests for them to HTTPS versions. Child paths of those paths will also be redirected.

Once a user is logged in, all non-HTTPS requests are redirected to HTTPS versions to help prevent session-jacking.

There's also a decorator to let you mark specific views as HTTPS-only.


  • Django 1.1+
  • Pip, virtualenv, etc


Install into your virtualenv with pip:

pip install -e hg+

There's also a git mirror if you prefer:

pip install -e git+


Add the middleware to MIDDLEWARE_CLASSES after the authentication middleware:

    # ...
    # ...
    # ...

Add the SECURE_REQUIRED_PATHS setting to define what URLs should be HTTPS-only:

    # ...

To use the decorator:

from watersheep.decorator import secure_required

# ...

def photo_edit(request, slug):
    # ...