How to install django-cuddlybuddly-ssl
- Download and install ActivePython
- Open Command Prompt
- Type
pypm install django-cuddlybuddly-ssl
Lastest release
A Django app that provides middleware to redirect views to and from https and http.
Installation
- Add cuddlybuddly.ssl to INSTALLED_APPS.
- Add cuddlybuddly.ssl.middleware.SSLMiddleware to MIDDLEWARE_CLASSES.
Usage
In your URLconf set the keyword argument to enable or disable redirects for a view. By default all views are redirected to http. Look at the CUDDLYBUDDLY_SSL_DEFAULT setting to change this behaviour.
To force a view to redirect to https you can do the following in your URLconf:
from cuddlybuddly.ssl.constants import CUDDLYBUDDLY_SSL_ALWAYS ... (r'^myview/$', 'myview.index', {'ssl': CUDDLYBUDDLY_SSL_ALWAYS})
Or simply with a boolean or integer:
(r'^myview/$', 'myview.index', {'ssl': True}) (r'^myview/$', 'myview.index', {'ssl': 2})
For example, you could protect the entire admin site with this:
from django.contrib import admin from cuddlybuddly.ssl.constants import CUDDLYBUDDLY_SSL_ALWAYS ... (r'^admin/$', include(admin.site.urls), {'ssl': CUDDLYBUDDLY_SSL_ALWAYS})
To force a view to always use http you can do any of the above except set ssl to either CUDDLBUDDLY_SSL_NEVER, False or 0.
To allow a view to be accessed by either http or https and to just leave it how it was accessed set ssl to either CUDDLYBUDDLY_SSL_ASIS or 1.
Settings
CUDDLYBUDDLY_SSL_ENABLED
Sets whether the SSL middleware is actually enabled and will perform redirects. It defaults to True.
Since runserver doesn't support https I usually do something like this in settings.py:
CUDDLYBUDDLY_SSL_ENABLED = not DEBUG
CUDDLYBUDDLY_SSL_KEY
Sets the name of the keyword argument to look at to decide whether anything needs to be redirected. It defaults to ssl.
This exists because I figured there's a good chance of another app wanting to use something as short and precise as ssl for something else and so this setting provides an easy way to avoid potential conflicts.
CUDDLYBUDDLY_SSL_DEFAULT
Decides what to do when CUDDLYBUDDLY_SSL_KEY is not found in the view's kwargs. It defaults to CUDDLYBUDDLY_SSL_NEVER and so unless otherwise specified all views will be redirected to regular http.
To force all views to use https unless otherwise specified you would do the following in settings.py:
from cuddlybuddly.ssl.constants import CUDDLYBUDDLY_SSL_ALWAYS CUDDLYBUDDLY_SSL_DEFAULT = CUDDLYBUDDLY_SSL_ALWAYS
Possible values are CUDDLYBUDDLY_SSL_NEVER, CUDDLYBUDDLY_SSL_ASIS and CUDDLYBUDDLY_SSL_ALWAYS.