
Django SSL redirection on Heroku: 'Too many redirects'

I have a web app deployed to Heroku with a custom domain name whose DNS is managed through CloudFlare.

What I want to do is redirect HTTP requests to HTTPS.

After setting SECURE_SSL_REDIRECT to True, according to Django's documentation, I encounter a Too many redirects (or site redirected you too many times) error while accessing the site via the custom domain.

This is what I have in my settings.py file:

SECURE_SSL_REDIRECT = True
SECURE_PROXY_SSL_HEADER = ('X-Forwarded-Proto', 'https')

Note that this redirect works with the myapp.herokuapp.com domain.

I am using DNS + Proxy on CloudFlare, and SECURE_PROXY_SSL_HEADER is set according to Heroku's documentation.

Here is the Heroku log:

2019-04-17T11:21:08.514202+00:00 heroku[router]: at=info method=GET path="/" host=staging.mywebsite.com request_id=cf90ab0c-0895-4faf-aeea-5ee5fe5f970d fwd="115.87.132.194,172.68.242.176" dyno=web.1 connect=0ms service=2ms status=301 bytes=228 protocol=http

As I understand it, Cloudflare uses proxies to make your website faster. In combination with Heroku, it will lead to 'Too many redirects' if the proxy is enabled.


Make sure the cloud in Cloudflare DNS is not set to orange and will not use a proxy before your server.

You can set up SSL in Heroku; see: https://devcenter.heroku.com/articles/ssl-endpoint

Django modifies the format of the header, so "X-Forwarded-Proto" becomes "HTTP_X_FORWARDED_PROTO", so you should replace 'X-Forwarded-Proto' with 'HTTP_X_FORWARDED_PROTO' in your example.

From the Django documentation:

Note that the header needs to be in the format as used by request.META – all caps and likely starting with HTTP_. (Remember, Django automatically adds 'HTTP_' to the start of x-header names before making the header available in request.META.)

There is also an example for this exact header.

Set a tuple with two elements – the name of the header to look for and the required value. For example:

 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') 

This tells Django to trust the X-Forwarded-Proto header that comes from our proxy, and any time its value is 'https', then the request is guaranteed to be secure (i.e., it originally came in via HTTPS).

There is a note in the Django documentation for SECURE_SSL_REDIRECT stating that:

If turning this to True causes infinite redirects, it probably means your site is running behind a proxy and can't tell which requests are secure and which are not. Your proxy likely sets a header to indicate secure requests; you can correct the problem by finding out what that header is and configuring the SECURE_PROXY_SSL_HEADER setting accordingly.
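
The header-name lookup described in the answers above, as an added example that is not part of the original posts and is a simplified model rather than Django's or Heroku's own code. It assumes the app is always reached over plain HTTP from the router; follow_redirects, faithful and always_http are hypothetical helpers, and always_http models the protocol=http case seen in the log in the question.

```python
# Added example: a simplified model, not Django's or Heroku's own code.

def wsgi_meta(headers, url_scheme="http"):
    """Name headers the way a WSGI server does before Django sees them."""
    meta = {"wsgi.url_scheme": url_scheme}
    for name, value in headers.items():
        key = name.upper().replace("-", "_")
        if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            key = "HTTP_" + key
        meta[key] = value
    return meta


def is_secure(meta, secure_proxy_ssl_header):
    """Model of the scheme decision driven by SECURE_PROXY_SSL_HEADER."""
    if secure_proxy_ssl_header:
        header, secure_value = secure_proxy_ssl_header
        value = meta.get(header)  # looked up under its request.META name
        if value is not None:
            return value.strip() == secure_value
    # Header not found: only the proxy-to-app hop is left to judge by.
    return meta["wsgi.url_scheme"] == "https"


def follow_redirects(setting, router_sees, max_hops=5):
    """Count 301s until the app serves the page; None means a loop.

    router_sees (hypothetical helper) maps the scheme the browser used to
    the protocol the router reports in X-Forwarded-Proto.
    """
    browser_scheme = "http"
    for hops in range(max_hops):
        meta = wsgi_meta({"X-Forwarded-Proto": router_sees(browser_scheme)})
        if is_secure(meta, setting):
            return hops
        browser_scheme = "https"  # SECURE_SSL_REDIRECT answered with a 301
    return None


QUESTION_SETTING = ("X-Forwarded-Proto", "https")    # as posted in the question
DOCS_SETTING = ("HTTP_X_FORWARDED_PROTO", "https")   # as in the Django docs

def faithful(scheme):      # router reports the browser's real scheme
    return scheme

def always_http(scheme):   # assumed: the hop into the router is plain HTTP
    return "http"

if __name__ == "__main__":
    for setting in (QUESTION_SETTING, DOCS_SETTING):
        for router in (faithful, always_http):
            print(setting[0], router.__name__, follow_redirects(setting, router))
```

Only the documented header name combined with a router that reports the browser's real scheme settles after one redirect; every other combination in the model never stops redirecting.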

After trying multiple approaches with this and always getting a "Too Many Redirects" error, I simply decided to do all the redirects from CloudFlare and remove it from my Django App.

Here is the documentation.
