From 4c84ac0979a0946651fb28a74bba2fd6a2b64d2c Mon Sep 17 00:00:00 2001
From: Sean Morley <zipsm15@gmail.com>
Date: Mon, 13 Jan 2025 19:21:35 -0500
Subject: [PATCH] fix: enhance middleware to set HTTP_X_FORWARDED_PROTO and
 secure proxy SSL header

---
 backend/server/adventures/middleware.py | 14 +++++++++-----
 backend/server/main/settings.py         |  2 ++
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/backend/server/adventures/middleware.py b/backend/server/adventures/middleware.py
index 550e581..9c5badd 100644
--- a/backend/server/adventures/middleware.py
+++ b/backend/server/adventures/middleware.py
@@ -31,12 +31,16 @@ class OverrideHostMiddleware:
     def __init__(self, get_response):
         self.get_response = get_response
 
-    def __call__(self, request: HttpRequest):
-        # Override the host with the PUBLIC_URL environment variable
+    def __call__(self, request):
         public_url = os.getenv('PUBLIC_URL', None)
         if public_url:
-            # Split the public URL to extract the host and port (if available)
-            host = public_url.split("//")[-1].split("/")[0]
-            request.META['HTTP_HOST'] = host  # Override the HTTP_HOST header
+            # Extract host and scheme
+            scheme, host = public_url.split("://")
+            request.META['HTTP_HOST'] = host
+            request.META['wsgi.url_scheme'] = scheme
+
+            # Set X-Forwarded-Proto for Django
+            request.META['HTTP_X_FORWARDED_PROTO'] = scheme
+
         response = self.get_response(request)
         return response
diff --git a/backend/server/main/settings.py b/backend/server/main/settings.py
index 32e1a07..8ccb49b 100644
--- a/backend/server/main/settings.py
+++ b/backend/server/main/settings.py
@@ -139,6 +139,8 @@ SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) >
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.7/howto/static-files/
 
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
 
 BASE_DIR = Path(__file__).resolve().parent.parent
 STATIC_ROOT = BASE_DIR / "staticfiles"