Silence SECURE_SSL_REDIRECT check
Closed this issue · 0 comments
At the moment settings.SECURE_SSL_REDIRECT is on by default in non-dev. That means it requires that the traffic to Django is either over HTTPS or has the X-Forwarded-Proto: https header.
This causes a problem, in GCP, because the X-Forwarded-Proto is something that gets set in Nginx. Normal operation is User ==> GCP Load Balancer ==> Nginx ==> Django. But the internal healthcheck that supports the load balancer asks Django directly (on /__lbheartbeat__) "Are you healthy?" but when it does this, in GCP, you can't control the headers like you can when the request goes through Nginx. So those requests, directly to Django, result in a 301 redirect because Django refuses to accept HTTP traffic and thus the load balancer's health check ultimately fails.
If we set DJANGO_SECURE_SSL_REDIRECT=false, Django won't do the above-mentioned redirect. However, then the checks that back /__heartbeat__ will raise warnings, which means the HTTP code becomes 500.
We basically need to tell Django to take it easy on this stuff. We KNOW we're not exposing Django to any non-HTTPS traffic.
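
An added example, not part of the original issue or the project's code: a small pure-Python model of the decision Django's SecurityMiddleware makes before issuing the HTTPS redirect, run over the three ways a request reaches Django in the setup described above. It assumes Django's SECURE_REDIRECT_EXEMPT setting is used to exempt only the /__lbheartbeat__ path; the setting names are Django's, while the function names, settings values and sample requests are constructed for illustration.

```python
import re

# Setting names are real Django settings; the values are constructed for
# this example and are not taken from the project.
SETTINGS = {
    "SECURE_SSL_REDIRECT": True,
    "SECURE_PROXY_SSL_HEADER": ("HTTP_X_FORWARDED_PROTO", "https"),
    # Regexes are searched against the path with its leading "/" stripped.
    "SECURE_REDIRECT_EXEMPT": [r"^__lbheartbeat__/?$"],
}


def is_secure(scheme, meta, settings):
    """Model of request.is_secure(): trust the proxy header when it is present."""
    proxy = settings.get("SECURE_PROXY_SSL_HEADER")
    if proxy and proxy[0] in meta:
        return meta[proxy[0]].strip() == proxy[1]
    return scheme == "https"


def redirect_status(path, scheme, meta, settings):
    """Return 301 if the modelled middleware would redirect, else None."""
    if not settings.get("SECURE_SSL_REDIRECT"):
        return None
    if is_secure(scheme, meta, settings):
        return None
    stripped = path.lstrip("/")
    exempt = settings.get("SECURE_REDIRECT_EXEMPT", [])
    if any(re.search(pattern, stripped) for pattern in exempt):
        return None
    return 301


# Constructed requests: (path, scheme seen by Django, WSGI-style headers).
VIA_NGINX = ("/", "http", {"HTTP_X_FORWARDED_PROTO": "https"})
LB_HEALTHCHECK = ("/__lbheartbeat__", "http", {})  # direct, no proxy header
DIRECT_HTTP = ("/admin/", "http", {})  # any other direct plain-HTTP request


def outcomes(settings):
    """Redirect decision for each of the three constructed requests."""
    requests = (VIA_NGINX, LB_HEALTHCHECK, DIRECT_HTTP)
    return [redirect_status(*req, settings) for req in requests]


if __name__ == "__main__":
    no_exempt = dict(SETTINGS, SECURE_REDIRECT_EXEMPT=[])
    print("redirect on, no exemption:", outcomes(no_exempt))
    print("redirect on, LB path exempt:", outcomes(SETTINGS))
```

With the exemption anchored to the one health-check path, every other plain-HTTP request that reaches Django without the proxy header is still redirected. If the redirect is turned off instead, security.W008 is the id of the Django system check that warns about SECURE_SSL_REDIRECT, and SILENCED_SYSTEM_CHECKS is the setting that suppresses a check by id in Django's check framework.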