not-kennethreitz/flask-sslify

Don't force SSL for localhost

YoavShapira opened this issue · 1 comments

I'd like to add a criteria to the existing ones (app.debug, x-forwarded-proto, request.is_secure), which is to support local development. If the incoming request URL host name is "localhost" or 127.0.0.1, don't force SSL.

Objections / thoughts?

Currently, the code doesn't force SSL when debug mode is enabled.