We have a django app accessed via SSL (i.e. with https). When we went
to the admin site and it was redirected to admin/login/?next=/admin/
because we were not logged in, the https was not carried over and the
request failed. I added
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
to my settings and then the admin redirect worked. But we have some
clients that access the site with curl or python requests and after
adding that all their existing code broke. They now all have to add a
referer to all their requests for them to work.
My question is, is there a way to make the admin redirect work but not
require all the other requests to have a referer? A non redirected
request from the browser works, and that doesn't have a referer, so
why is it required on the curl requests?
Thanks!
-larry
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CACwCsY6UO%3Dd6NwkbjU-OaL2Y2TF-p81nf%3DSTx7gZukJeGQXZuw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
