mozilla-releng/buildhub2

Silence SECURE_SSL_REDIRECT check

Closed this issue · 0 comments

At the moment settings.SECURE_SSL_REDIRECT is on by default in non-dev. That means it requires that the traffic to Django either is over HTTPS or carries the X-Forwarded-Proto: https header.

This causes a problem in GCP, because the X-Forwarded-Proto header is something that gets set in Nginx. Normal operation is User ==> GCP Load Balancer ==> Nginx ==> Django. But the internal healthcheck that supports the load balancer asks Django directly (on /__lbheartbeat__) "Are you healthy?" and when it does this, in GCP, you can't control the headers like you can when the request goes through Nginx. So those requests, directly to Django, result in a 301 redirect because Django refuses to accept HTTP traffic, and thus the load balancer's health check ultimately fails.

If we set DJANGO_SECURE_SSL_REDIRECT=false Django won't do the above-mentioned redirect. However, then the checks that back /__heartbeat__ will raise warnings which means the HTTP code becomes 500.

We basically need to tell Django to take it easy on this stuff. We KNOW we're not exposing Django to any non-HTTPS traffic.
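
An added example, not buildhub2's code: a simplified Python model of the redirect decision made by Django's SecurityMiddleware, showing how Django's SECURE_REDIRECT_EXEMPT setting lets the direct /__lbheartbeat__ probe through while every other plain-HTTP request still gets the 301. The setting values, the sample hosts and the function names are assumptions made for illustration.

```python
import re

# Settings-style values, constructed for this example (not buildhub2's settings).
SECURE_SSL_REDIRECT = True
# Django matches these patterns against the path with the leading "/" stripped,
# so the pattern must not start with a slash.
SECURE_REDIRECT_EXEMPT = [r"^__lbheartbeat__/?$"]
# Header Django trusts as proof that the proxy (Nginx here) terminated TLS.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
# Alternative if the redirect is turned off instead: silence the system check
# that warns about it, so check-backed endpoints stop reporting a warning.
# SILENCED_SYSTEM_CHECKS = ["security.W008"]


def request_is_secure(wsgi_scheme, meta):
    """Model of request.is_secure(): the trusted proxy header wins if present."""
    header, secure_value = SECURE_PROXY_SSL_HEADER
    if header in meta:
        return meta[header].split(",", 1)[0].strip() == secure_value
    return wsgi_scheme == "https"


def redirect_target(path, host, wsgi_scheme="http", meta=None, exempt=None):
    """Return the https:// URL a 301 would point at, or None if let through."""
    meta = meta or {}
    patterns = [re.compile(p) for p in (SECURE_REDIRECT_EXEMPT if exempt is None else exempt)]
    stripped = path.lstrip("/")
    if (
        SECURE_SSL_REDIRECT
        and not request_is_secure(wsgi_scheme, meta)
        and not any(p.search(stripped) for p in patterns)
    ):
        return f"https://{host}{path}"
    return None


if __name__ == "__main__":
    # Constructed requests: (description, path, headers as seen by Django).
    samples = [
        ("LB probe, direct to Django", "/__lbheartbeat__", {}),
        ("plain HTTP, direct to Django", "/__heartbeat__", {}),
        ("via Nginx over TLS", "/api/search", {"HTTP_X_FORWARDED_PROTO": "https"}),
    ]
    for label, path, meta in samples:
        print(f"{label:30} {path:18} -> {redirect_target(path, '10.0.0.5', meta=meta)}")
```

The exemption is deliberately anchored to the single probe path, so the redirect stays enforced for every other URL that reaches Django without the forwarded header.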