Switch URL protocol for resource links to HTTPS #1
Comments
|
I think this is the case for any url provided through the API. Tested with the following requests: |
|
I am running into the same problem. I first make a fetch request to retrieve page 1 data which works fine but then when I try to use the urls contained within that data to make additional fetch requests I'm getting failures because they are all http instead of https. Would be great if this could be updated. |
|
Help would be highly appreciated with this issue. In my current setup I have nginx in front of SWAPI application. NginX is terminating SSL, so Django that runs SWAPI thinks that it is requested via HTTP. That's why (I think) the links appear broken. The problem is - I have very little knowledge of Django and I am not sure if I can configure protocol for the links in JSON responses explicitly. |
|
Hello, @Juriy. I am really glad to see your activity on this project. :) To make Django use HTTPS instead of HTTP, set |
|
@leonidpodriz thanks for the hint! The thing is that I want Django to stay on HTTP, since it is NGINX that is dealing with HTTPS and SSL termination. Then it acts as a reverse proxy, and passes the request to Django app over plain HTTP. So it is fine for Django to be on HTTP ( it is not exposed externally ) but somehow we need to let it know that it is behind a reverse proxy, and the real protocol that clients use is HTTPS.
This StackOverflow question seems to be relevant. I will experiment with |
|
@Juriy Well, you're right. But after Proofs from local testing: This environment variable is uses only to build absolute URLs. Django has a few more ways to make it return HTTPS URLs, but this way is the easiest and impact only one function (see above), not the whole application. |
|
Thank you for the hint, let me test it on prod-like first and I'll update prod right after. |
|
Hey, don't spend your time for my "hint". :) I got wrong, because this won't be work when Nginx connects to Django thorough WSGI. In my environment, rewritten "SWAPI" handle HTTPS well. I think it is related to this: https://docs.djangoproject.com/en/3.2/releases/1.11.22/ I propose the next solution: |
|
Fixed. Basically I was overthinking it a little 🙂 https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header All I had to do is make Nginx send this header. Now this was very close to what @leonidpodriz suggested, except for a minor difference in syntax for config. Thanks for help! |
The parent project has an issue filed to make the resource links the same protocol as the request.
Change URL protocol in response data based on whether the request was made over HTTPS:
phalt#66
Since the swapi.dev server uses HTTPS (it even redirects HTTP to HTTPS) and the world has pretty much switched over to HTTPS, it probably makes sense to just do a simple straight switch to HTTPS. There's little value in making the response intelligent based on the protocol of the request.
Currently the
nextfield in responses uses the HTTP protocol:GET
https://swapi.dev/api/vehicles/?format=json{ "count": 39, "next": "http://swapi.dev/api/vehicles/?page=2&format=json", "previous": null, "results": [ { "name": "Sand Crawler", "model": "Digger Crawler", "manufacturer": "Corellia Mining Corporation", "cost_in_credits": "150000", "length": "36.8 ", "max_atmosphering_speed": "30",Following the
nextlink can result in errors like:This problem would be resolved by using HTTPS in the
nextfield:The text was updated successfully, but these errors were encountered: