English 中文(简体)
Django - links generated with {% url %} - how to make them secure?
原标题:

If I want to give an option for users to log in to a website using https:// instead of http://, I d best to give them an option to get there in my view or template.

I d like to have the link "Use secure connection" on my login page - but then, how do I do it without hardcoding the URL?

I d like to be able to just do:

{% url login_page %}
{% url login_page_https %} 

and have them point to http://example.com/login and https://example.com/login.

How can I do this?

问题回答

The {% url %} tag only generates the path portion of the URL, not the host portion. It only generates something like "/path/to/here" (all you need to do is "view source" and you ll see that s the entire contents of the href). It s your browser that assumes if you re currently on http://example.com the link should also be within http://example.com. So all you need to do to generate a secure link in your template is:

<a href="https://example.com{% url blah %}">

If you don t want to hardcode the domain name (and I wouldn t), you can use the Site object and have it look something like:

<a href="https://{{ site.domain }}{% url blah %}">

Or if you don t want to use the sites framework, you can use request.get_host:

<a href="https://{{ request.get_host }}{% url blah %}">

I ve not worked much with secure urls, but I have worked a bit with satchmo, which has a middleware and some utils for it. The middleware just checks for the key SSL = True in the view parameters, and makes the request secure that way. You probably don t need to make it that complex, but you can take a look at how it s implemented.

Satchmo is on bitbucked here

I was also able to find a snippets for middlewares which also should be able to help you get a secure login url:

The first is the original, while the 2nd should be ab improved version, at some point, but might not be the case anymore. You can take a look into them.

Using either satchmo or one of the middleware snippets you should be able to do something like

{% url login_page %}
{% url login_page SSL=1 %}

Perhaps you could write a tag url_https that does the same thing as url but points to the HTTPS version of the url.





相关问题
How to get two random records with Django

How do I get two distinct random records using Django? I ve seen questions about how to get one but I need to get two random records and they must differ.

Moving (very old) Zope/Plone Site to Django

I am ask to move data from a (now offline) site driven by Plone to a new Django site. These are the version informations I have: Zope Version (unreleased version, python 2.1.3 ) Python Version 2.1....

Can Django models use MySQL functions?

Is there a way to force Django models to pass a field to a MySQL function every time the model data is read or loaded? To clarify what I mean in SQL, I want the Django model to produce something like ...

Flexible pagination in Django

I d like to implement pagination such that I can allow the user to choose the number of records per page such as 10, 25, 50 etc. How should I go about this? Is there an app I can add onto my project ...

is it convenient to urlencode all next parameters? - django

While writing code, it is pretty common to request a page with an appended "next" query string argument. For instance, in the following template code next points back to the page the user is on: &...

Pragmatically adding give-aways/freebies to an online store

Our business currently has an online store and recently we ve been offering free specials to our customers. Right now, we simply display the special and give the buyer a notice stating we will add the ...

热门标签