Skip to content

dwaiter/django-watersheep

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
watersheep
watersheep
 
 
.hgignore
.hgignore
 
 
.hgtags
.hgtags
 
 
README.markdown
README.markdown
 
 
setup.py
setup.py
 
 

Repository files navigation

Based on http://djangosnippets.org/snippets/85/ with a few additional tweaks.

The watersheep middleware will look for a SECURE_REQUIRED_PATHS variable in your settings.py and redirect any non-HTTPS requests for them to HTTPS versions. Child paths of those paths will also be redirected.

Once a user is logged in, all non-HTTPS requests are redirected to HTTPS versions to help prevent session-jacking.

There's also a decorator to let you mark specific views as HTTPS-only.

Requirements

  • Django 1.1+
  • Pip, virtualenv, etc

Installation

Install into your virtualenv with pip:

pip install -e hg+http://bitbucket.org/dwaiter/django-watersheep#egg=watersheep

There's also a git mirror if you prefer:

pip install -e git+http://github.com/dwaiter/django-watersheep#egg=watersheep

Usage

Add the middleware to MIDDLEWARE_CLASSES after the authentication middleware:

MIDDLEWARE_CLASSES = (
    # ...
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    # ...
    'watersheep.middleware.SecureRequiredMiddleware',
    # ...
)

Add the SECURE_REQUIRED_PATHS setting to define what URLs should be HTTPS-only:

SECURE_REQUIRED_PATHS = (
    '/login',
    '/logout',
    '/admin',
    # ...
)

To use the decorator:

from watersheep.decorator import secure_required

# ...

@secure_required
def photo_edit(request, slug):
    # ...

About

EOL - Reference Only - Use SSL to help prevent stuff like this: http://codebutler.com/firesheep

Resources

Readme
Activity
Custom properties

Stars

9 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

2 tags

Packages

No packages published

Languages