[Solved]-Django – links generated with {% url %} – how to make them secure?

19👍

The {% url %} tag only generates the path portion of the URL, not the host portion. It only generates something like “/path/to/here” (all you need to do is “view source” and you’ll see that’s the entire contents of the href). It’s your browser that assumes if you’re currently on http://example.com the link should also be within http://example.com. So all you need to do to generate a secure link in your template is:

<a href="https://example.com{% url blah %}">

If you don’t want to hardcode the domain name (and I wouldn’t), you can use the Site object and have it look something like:

<a href="https://{{ site.domain }}{% url blah %}">

Or if you don’t want to use the sites framework, you can use request.get_host:

<a href="https://{{ request.get_host }}{% url blah %}">

6👍

I’ve not worked much with secure urls, but I have worked a bit with satchmo, which has a middleware and some utils for it. The middleware just checks for the key SSL = True in the view parameters, and makes the request secure that way. You probably don’t need to make it that complex, but you can take a look at how it’s implemented.

Satchmo is on bitbucked here

I was also able to find a snippets for middlewares which also should be able to help you get a secure login url:

The first is the original, while the 2nd should be ab improved version, at some point, but might not be the case anymore. You can take a look into them.

Using either satchmo or one of the middleware snippets you should be able to do something like

{% url login_page %}
{% url login_page SSL=1 %}

0👍

Perhaps you could write a tag url_https that does the same thing as url but points to the HTTPS version of the url.

Leave a comment