Properly handle proxied HTTPS headers

lincolnloop · May 15, 2018 · f0963d9 · f0963d9
1 parent 03d7fc1
commit f0963d9
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/CHANGES.md b/CHANGES.md
@@ -3,7 +3,7 @@
 0.9.3 (unreleased)
 ------------------
 
-- Nothing changed yet.
+- Adds proper SSL handling
 
 
 0.9.2 (2018-05-15)

diff --git a/README.md b/README.md
@@ -50,6 +50,10 @@ pip install saltdash
 webserver is included and can be started with `saltdash serve`. If Docker is
 more your speed, there's a `Dockerfile` as well.
 
+⚠️ The built-in webserver does not handle HTTPS. The default settings assume the
+app is deployed behind a proxy which is terminating HTTPS connections and
+properly handling headers. If this is not the case, [you should read this](https://docs.djangoproject.com/en/2.0/ref/settings/#secure-proxy-ssl-header) and take appropriate actions.
+
 ### Configuration
 
 Configuration can be done via environment variables, a file, or a combination

diff --git a/saltdash/settings/__init__.py b/saltdash/settings/__init__.py
@@ -45,6 +45,7 @@
 DEBUG = config.DEBUG
 
 ALLOWED_HOSTS = config.ALLOWED_HOSTS
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
 
 # Application definition