19👍
The {% url %} tag only generates the path portion of the URL, not the host portion. It only generates something like “/path/to/here” (all you need to do is “view source” and you’ll see that’s the entire contents of the href). It’s your browser that assumes if you’re currently on http://example.com the link should also be within http://example.com. So all you need to do to generate a secure link in your template is:
<a href="https://example.com{% url blah %}">
If you don’t want to hardcode the domain name (and I wouldn’t), you can use the Site object and have it look something like:
<a href="https://{{ site.domain }}{% url blah %}">
Or if you don’t want to use the sites framework, you can use request.get_host:
<a href="https://{{ request.get_host }}{% url blah %}">
6👍
I’ve not worked much with secure urls, but I have worked a bit with satchmo, which has a middleware and some utils for it. The middleware just checks for the key SSL = True in the view parameters, and makes the request secure that way. You probably don’t need to make it that complex, but you can take a look at how it’s implemented.
Satchmo is on bitbucked here
I was also able to find a snippets for middlewares which also should be able to help you get a secure login url:
The first is the original, while the 2nd should be ab improved version, at some point, but might not be the case anymore. You can take a look into them.
Using either satchmo or one of the middleware snippets you should be able to do something like
{% url login_page %}
{% url login_page SSL=1 %}
0👍
Perhaps you could write a tag url_https that does the same thing as url but points to the HTTPS version of the url.
- Django storage s3 media url is https:// instead of http://
- Django: foreign key value in a list display admin