Задать вопрос

Тел: +7 965 3737 888

496

Просмотров

2

Ответов

TLS(SSL) middleware, per URL pattern or whole site

<p>Allows url patterns to include a boolean indicating whether a view requires
   TLS(SSL).  The accompanying middleware handles the redirects needed to make
   sure that it upholds this requirement.
</p>
<p><strong>WARNING</strong>: this monkey-patches some Django internals and is difficult to test
   since Django's TestClient does not support TLS.  If you use this make sure you
   test it thouroughly.
</p>
<p>Add this to your Django settings
</p>
USE_TLS = True   # The default for this setting is False.
<p>URL pattern usage
</p>
url(r'^login$', 'myproject.login.index',
    {'require_tls': True}, name='login-index'),
<p>Use require_tls True to force the middleware to perform redirects needed to
   make sure your are serving this view using https.
</p>
<p>Use require_tls False to force the middleware to redirect to http.  Be
   careful with this setting, this may not behave as you expect.  If you don't
   care if the view is served via https or http then do not include
   require_tls in the pattern.
</p>
<p>If you wish to have every view in the site served with TLS then specify the
   following Django setting
</p>
ALWAYS_USE_TLS = True   # Django setting, use TLS for every view

Вопрос полезен? Да0/Нет0
file_4728.py(6.5Кб)
None

Ответы (2):

Ответrobmadole:20.12.2010
Ответ полезен? Да0/Нет0

Yep, a decorator is simpler but we needed a bit more control at the time and the option to secure the entire site. And with the monkey-patching this one is certainly not the most comfortable.

Ответcricogik:07.12.2010
Ответ полезен? Да0/Нет0

Hmm, I think that better (more generic) way to specify which method shoud be protected using SSL is decorator for view and/or routers:

eg,

url(r'^login/$', use_ssl('myproject.login.index')),

...

@use_ssl
def my_view(request):
    pass