I am currently working on securing my Django site with SSL. I would like some URL patterns to be accessible only through HTTPS. The most important thing to do is to protect the login site. There is such a form when the user enters his username / password into the form and the form is sent to the server. In the login page template, I have something like
<form method="POST" action="{% url login %}">
and in my urls.py one of the templates is similar to
url(r'^login/$', 'mySiteLogin', name='login'),
Now I have found some resources suggesting using middleware that will rewrite http to https , for example: Django and https relative URLs . But the login to the system cannot be performed in this way - there is no need to rewrite the protocol when the user has already sent the password in clear text!
So, I think, can I somehow say {% url %} use https ? Iām thinking of a solution that the decorator will use to mark representations that require encryption, and then some tag similar to {% url %} will use this information and create a link with https if necessary.
Or is there another way?
Thanks,
Mike
Jasiu source share