Hi, I deployed a Django application to Railway. It’s based on the MDN Tutorial. But there are two recommended security settings that I haven’t been able to get to work: SECURE_SSL_REDIRECT and SESSION_COOKIE_SECURE. If I set either of these to True, the browser (Firefox, Chrome) reports a “redirect failure” for any requested page. If these are both set to False, the application appears to work correctly. The site is SSL enabled by default so I’m not sure if these settings are necessary.
I have the setting CSRF_COOKIE_SECURE set to True, but it is not causing any errors when I submit a form. I haven’t tested the SECURE_HSTS_SECONDS setting yet.
EDIT: This is what shows in Firefox:
The page isn’t redirecting properly
An error occurred during a connection to web-production-78d2.up.railway.app.
This problem can sometimes be caused by disabling or refusing to accept cookies.
I have logging to the console turned on at the INFO level but nothing is getting logged on this.