Django 相对 url 和 https
我有一个 Django 项目,对 URL 的某些部分(/account/、/admin/、/purchase/)使用 https。
当以 https 模式访问此页面之一时,所有相对内部链接 {% url foo %} 将指向 https://my_url 。
但是我不想让这些页面显示为 https:主页、联系人...
此类需求的解决方案是什么?
强制执行绝对网址?
http://{{ domain }}{% url foo %}
不太好。
I have a Django project using https for certain part of the url (/account/, /admin/, /purchase/).
When on one of this page in https mode, all the relative inner links {% url foo %} will point to https://my_url.
However I do not want to have those pages shown as https :home, contacts ...
What are the solutions for this kind of requirements ?
Enforcing absolute url ?
http://{{ domain }}{% url foo %}
is not too nice.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
正如 Tomasz 所建议的,一种方法是设置中间件以根据需要重定向到 https 或从 https 重定向。这是一个实现 - 这个想法是装饰那些应该在 https 下提供的视图,当用户导航到不应该安全的视图时,中间件会自动将它们重定向回页面的 http 版本。
As Tomasz suggests, one way to do it is to set up middleware to redirect to and from https as necessary. Here's one implementation - the idea is to decorate those views that should be served under https, and when the user navigates to a view that shouldn't be secure from one that is, the middleware redirects them automatically back to the http version of the page.
想法:您可以使用自定义中间件将 centrain URL 或 URL 模式从 https 重定向到 http(反之亦然)。这也可以在 Apache(或其他 Web 服务器)配置中完成。
Idea: you can use a custom middleware to redirect from https to http (or vice versa) for centrain URLs or URL patterns. This could also be done in Apache (or other web server) configuration.
可以使用您的网络服务器重写为 http,这样 Django 甚至不需要知道。
Could use your webserver to rewrite to http, that way Django doesn't even need to know.
我发现这个片段很好地解决了这种情况。需要 SSL 的视图将通过从 http 版本的 URL 重定向到 https 版本的 URL 来获得它们,反之亦然。
是的,在 https 页面上,指向站点中非 https 页面的出站链接仍将以 https 开头,但用户将被重定向到 http 版本。
(但是,有一个问题:如果您从 http 发布到 https,则它将不起作用,反之亦然)
I find this snippet takes care of the situation nicely. Views that need SSL will have them, via a redirect from the http to https version of the url, and vice-versa.
Yes, on a https page, the outbound link to a non-https page in your site will still start with https, but the user will be redirected to the http version.
(There is a gotcha, however: it won't work if you're posting from http to https and vice versa)
也许这可以为您服务
http://code.djangoproject.com/wiki/ContributedMiddleware#SSLMiddlewarebyStephenZabel
贡献的 SSL 中间件
maybe this can serve for you
http://code.djangoproject.com/wiki/ContributedMiddleware#SSLMiddlewarebyStephenZabel
an contributed SSL Middleware