Sign inDemoInstall


Package Overview
File Explorer

Install Socket

Protect your apps from supply chain attacks



Force SSL on your Django site.





Do you want to force HTTPs across your Django site? You're in the right place!

.. image::
    :alt: django-sslify Release

.. image::
    :alt: django-sslify Downloads

.. image::
    :alt: django-sslify Build

.. image::
   :alt: Guardian Sketch


- Author: Randall Degges
- Email:
- Site:
- Status: maintained, active


Enabling SSL on your Django site should be easy, easy as in *one-line-of-code
easy*.  That's why I wrote ``django-sslify``!

The goal of this project is to make it easy for people to force HTTPS on every
page of their Django site, API, web app, or whatever you're building.  Securing
your site shouldn't be hard.


To install ``django-sslify``, simply run:

.. code-block:: console

    $ pip install django-sslify

This will install the latest version of the library automatically.

If you're using `Heroku <>`_, you should add
``django-sslify>=0.2`` to your ``requirements.txt`` file:

.. code-block:: console

    $ echo 'django-sslify>=0.2.0' >> requirements.txt

Once you've done this, the next time you push your code to Heroku this library
will be installed for you automatically.


To use this library, and force SSL across your Django site, all you need to do
is modify your ```` file, and prepend
``sslify.middleware.SSLifyMiddleware`` to your ``MIDDLEWARE_CLASSES`` setting:

.. code-block:: python


        # ...

.. note::
    Make sure ``sslify.middleware.SSLifyMiddleware`` is the first middleware
    class listed, as this will ensure that if a user makes an insecure request
    (*over HTTP*), they will be redirected to HTTPs before any actual
    processing happens.

If you're using Heroku, you should also add the following settings to your
Django settings file:

.. code-block:: python


This ensures that Django will be able to detect a secure connection properly.

Using a Custom SSL Port

If your site is running on a non-standard SSL port, you can change
``django-sslify``'s default redirection behavior by setting a special variable
in your ```` file:

.. code-block:: python

    SSLIFY_PORT = 999

Disabling SSLify

If you'd like to disable SSLify in certain environments (*for local development,
or running unit tests*), the best way to do it is to modify your settings file
and add the following:

.. code-block:: python


You can also disable SSLify for certain requests only (*useful for exposing
HTTP-only web hook URLs, etc*) by adding a callable with a single request
parameter to the ``SSLIFY_DISABLE_FOR_REQUEST`` list.  Returning ``True`` from
your callable will disable SSL redirects.

.. code-block:: python

        lambda request: request.get_full_path().startswith('/no_ssl_please')


This code was initially taken from
`this StackOverflow thread <>`_.

This code has been adopted over the years to work on Heroku, and non-Heroku

If you're using Heroku, and have no idea how to setup SSL, read
`this great article <>`_
which talks about using the new SSL endpoint addon (*which totally rocks!*).

NGINX + Infinite Redirect

If you're running your Django app behind an Nginx load balancer, and are seeing
infinite redirects, the solution is to add the following line:

.. code-block:: text

    proxy_set_header X-Forwarded-Proto $scheme;

To your ``nginx.conf`` file, inside of the relevant ``location`` blocks.  This
`Stack Overflow thread
might also be useful.


This project is only possible due to the amazing contributors who work on it!

If you'd like to improve this library, please send me a pull request! I'm happy
to review and merge pull requests.

The standard contribution workflow should look something like this:

- Fork this project on Github.
- Make some changes in the master branch (*this project is simple, so no need to
  complicate things*).
- Send a pull request when ready.

Also, if you're making changes, please write tests for your changes -- this
project has a full test suite you can easily modify / test.

To run the test suite, you can use the following commands:

.. code-block:: console

    $ cd django-sslify
    $ python develop
    $ python test sslify

Change Log

All library changes, in descending order.

Version 0.2.5

**Released December 28, 2014.**

- Adding in new ``SSLIFY_DISABLE_FOR_REQUEST`` setting which allows a user to
  specify functions that can choose to reject SSL -- this is useful for
  situations where you might want to force SSL site-wide EXCEPT in a few
  circumstances (*webhooks that don't support SSL, for instance*).

Version 0.2.4

**Released on November 23, 2014.**

- Adding the ability to specify a custom SSL port.
- Totally revamping docs.
- Changing project logo / mascot thingy ^^
- Adding new tests for custom SSL ports.



Did you know?

Socket installs a GitHub app to automatically flag issues on every pull request and report the health of your dependencies. Find out what is inside your node modules and prevent malicious activity before you update the dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc