Django REST Framework does not use HTTPS for page links

I configured pagination for a specific DRF endpoint, which works well, but when deployed to my server that uses HTTPS, links to the next and previous pages are formed using http:// instead of https://. This causes the browser to block next / previous pages.

I double-checked that the original request was sent with HTTPS, and the second answer to this question claims that it should use HTTPS in the generated URLs since the request came through HTTPS.

The first answer to the same question didn’t help either - I added a line X-Forwarded-Proto to my nginx configuration and rebooted, but to no avail.

DRF docs mention that reverse() should behave like the underlying Django reverse, however it seems pretty obvious that the initial request is HTTPS while the return URL is HTTP.

Here are some screenshots that show the initial request ( https://<domain>.com/api/leaderboard/):

With an answer containing (next: http://<domain>.com/api/leaderboard/?page=2):

I realized that this would be a simple setup, but could not find anything after searching both this site and the DRF site.

This is my nginx configuration:

location / {
    # proxy_pass http://127.0.0.1:9900;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';

    root /opt/app/client/dist;
    index index.html index.htm;
}

This question contains a rather detailed answer, but ultimately says that the URLs are formed with the same protocol as the request, which does not seem to be the case here. Do I need to set Django's SECURE_PROXY_SSL_HEADER? I was not sure, given the warning that it is potentially unsafe.

+16
2

Django SECURE_PROXY_SSL_HEADER? , , .

, . , . , , X-Forwarded-Proto .

+6

SO , Google, , , . Kubernetes, .

Kubernetes, Django, , , , :

, , OP, DRF http, API https. , API- , Django REST Framework (DRF), API. , , DRF, http , .

:

  1. Kubernetes Nginx Ingress Controller ( SSL letsencrypt)
  2. Django
  3. Gunicorn Django
  4. settings.py

  1. nginx.conf . , , : kubectl get pods -n <namespace of your ingress controller>, , kubectl exec -it -n ingress_controller_namespace ingress_controller_pod_name cat /etc/nginx/nginx.conf > nginx.conf.
  2. nginx.conf, , proxy_set_header X-Forwarded-Proto $scheme; location , , X-Forwarded-Proto. Kubernetes nginx ( ) .
  3. Gunicorn. : --forwarded-allow-ips="*" gunicorn, , IP- nginx, , gunicorn , gunicorn , , gunicorn django_server.wsgi:application --forwarded-allow-ips="*" --workers=${PROPER_WORKER_NUM} --log-level info --bind 0.0.0.0:8001. 4 , workers=4, , . --log-level info , .
  4. Django SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') settings.py, . , HTTP_ nginx X-Forwarded-Proto. , WSGI , . , HTTP_X_FORWARDED_PROTO "https", Django . , , request.is_secure() == True, request.build_absolute_uri(None) == 'https://...' , , Django REST Framework https! ( API https)

, . DRF https - . , , , , - DRF http. , :

Django, print(), DEBUG=True , html-, , SSL.

  • request.is_secure(): DRF http, , False.
  • request.META , . HTTP_X_FORWARDED_PROTO ? ?
    • , -: HTTP_X_FORWARDED_PROTO http,https, , - , , , proxy_set_header, ! K8 , , location-snippet, proxy_set_header X-Forwarded-Proto $scheme;. , DRF https, . , , proxy_set_header "" . , , .
+1
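
To tell apart the cases raised in the question and answers above (header never reaching Django, header arriving as `http,https`, header sent by something other than the proxy), this added example models the scheme decision on a `request.META`-style dict and reports why it comes out as http. It is not code from the question, the answers or Django itself; `diagnose_scheme`, `TRUSTED_PROXIES` and the sample dicts are hypothetical, and the model assumes the whole header value is compared with the configured one.

```python
import ipaddress

# Same tuple as in the answer above: (request.META key, value meaning "secure").
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
# Hypothetical: networks of the proxies allowed to assert the scheme.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8")]


def diagnose_scheme(meta, setting=SECURE_PROXY_SSL_HEADER, trusted=TRUSTED_PROXIES):
    """Return (scheme, findings) for a request.META-style dict.

    Simplified model (assumption): the request counts as secure only when the
    whole header value equals the configured one; without the header or the
    setting, the scheme of the proxy-to-app hop (wsgi.url_scheme) is used.
    """
    findings = []
    fallback = meta.get("wsgi.url_scheme", "http")
    if not setting:
        return fallback, ["SECURE_PROXY_SSL_HEADER unset: proxy header ignored"]
    key, secure_value = setting
    value = meta.get(key)
    if value is None:
        return fallback, [f"{key} missing: request did not pass through a "
                          "location that sets X-Forwarded-Proto"]
    peer = ipaddress.ip_address(meta.get("REMOTE_ADDR", "0.0.0.0"))
    if not any(peer in net for net in trusted):
        findings.append(f"{key} came from untrusted peer {peer}: value may be forged")
    parts = [p.strip() for p in value.split(",")]
    if len(parts) > 1:
        findings.append(f"{key} carries {len(parts)} values {parts}: header added twice")
    return ("https" if value.strip() == secure_value else "http"), findings


# Constructed request.META samples (not captured from a real deployment).
LOCAL = {"wsgi.url_scheme": "http", "REMOTE_ADDR": "127.0.0.1"}
SAMPLES = {
    "header_missing": dict(LOCAL),
    "header_ok": dict(LOCAL, HTTP_X_FORWARDED_PROTO="https"),
    "header_doubled": dict(LOCAL, HTTP_X_FORWARDED_PROTO="http,https"),
    "header_forged": {"wsgi.url_scheme": "http", "REMOTE_ADDR": "203.0.113.7",
                      "HTTP_X_FORWARDED_PROTO": "https"},
}

if __name__ == "__main__":
    for name, meta in SAMPLES.items():
        print(name, *diagnose_scheme(meta))
```

The `header_forged` case is the reason for the warning on SECURE_PROXY_SSL_HEADER: the setting is only safe when the proxy overwrites any client-supplied X-Forwarded-Proto and the application is reachable only through that proxy.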

Source: https://habr.com/ru/post/1015763/

