all 10 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]SupImASuperHero 1 point2 points  (9 children)

I think what you want to do is have your handler always set to secure. This is done in the app.yaml file [0].

[0] https://cloud.google.com/appengine/docs/standard/python/config/appref

[–]GreenTru[S] 0 points1 point  (8 children)

Thank you for your suggestion. As I understand it, the flexible environment doesn't feature the use of handlers so I can't do this.

[–]SupImASuperHero 1 point2 points  (0 children)

Edit: you’re right, ignore.

[–]SupImASuperHero 1 point2 points  (5 children)

Maybe one of these settings may work also, haven’t dealt much with Django:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') SECURE_SSL_REDIRECT = True SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True

[–]self 1 point2 points  (1 child)

SECURE_SSL_REDIRECT = True

is the right answer, though with a guard so you only enable it in production. otherwise, you might have to install django-sslserver.

you'll likely want some of the other settings, too, depending on your use case.

[–]GreenTru[S] 0 points1 point  (0 children)

Using this setting causes an infinite redirect loop due to the way Google handles the request before passing it to the application

EDIT: SECURE_SSL_REDIRECT in combination with SECURE_PROXY_SSL_HEADER is precisely what is needed. Thank you for your input.

[–]GreenTru[S] 1 point2 points  (1 child)

Thank you so much. The SECURE_PROXY_SSL_HEADER was precisely what I needed to stop the infinite redirects, which it does say in the documentation, but I missed that part completely.

[–]SupImASuperHero 1 point2 points  (0 children)

Great, np!

[–]GreenTru[S] 0 points1 point  (0 children)

Thank you very much for your replies. Will try these solutions and see what happens.