Hello,
I have SSL certificate installed on my web server.
Web server is configured to redirect http to https.
I have the following parameters in my settings.py:
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 31536000
Anything else is required?
You can look here to see Django settings related to SSL/HTTPS.
https://docs.djangoproject.com/en/3.1/topics/security/#ssl-https
Where do you think Iāve got those parameters?
People on this site are very interesting. The ONLY thing they know is how to post a link to Django documentation!
Iām curious, why do you think we should rewrite or copy/paste the documentation when the specific answer to a question is in that documentation?
You asked the question:
The documentation linked to so kindly by @marcorichetta answers your question. If youāre having a specific problem with something in that document, you can always ask for clarification here. But yes, the expectation is that you will do your part and read it first.
In your particular case, your comment is factually incorrect considering the following:
First, the documentation is the first step for every developer! When people come here and ask question, it is obvious that something is not clear!!! The problem is, you guys donāt have any real-world experience and all you know is what is written in the documentation!!!
For example in the documentation there is SECURE_SSL_REDIRECT which is absolutely NOT necessary in my setup because I do that on ngnix level! So if I follow the documentation only, I would have it in my settings while it has no use and propably creates issues instead of being useful!
All my questions which you have mentioned are real-case scenarios and none of them are explained in the documentation! From 1992 when I started to learn Turbo Pascal till now my only reference are books and later online tutorials and Djangoās is the worst one EVER!
So, from now on please stay away from my topic if all you know is how to post a link!
See SECURE_SSL_REDIRECT for the caveats when using it in an environment for which itās not needed.
Weāre building a knowledge base here. Weāre not just answering questions for your immediate needs but also for those coming along later and looking for information.
If a general question is best-answered by a link to the documentation, then yes, Iām going to supply an answer as a link to the relevant page.
If a question is asked in sufficient detail such that itās clear that the documentation has been referenced and the question identifies a specific issue needing to be addressed, then Iām more likely to provide supplemental information.
I would also suggest that you try to moderate your ātoneā some. Comments about people are not appropriate here. See the FAQ and the related Django Code of Conduct
I really appreciate your clarification, @KenWhitesell.
If your question had been more detailed, maybe I would not have answered with just a link.@OmidShojaee