fix: enhance middleware to set HTTP_X_FORWARDED_PROTO and secure proxy SSL header

2025-07-20 05:19:38 +02:00 · 2025-01-13 19:21:35 -05:00 · 2025-01-13 19:21:35 -05:00 · 4c84ac0979
commit 4c84ac0979
parent 62d2fd7c6a
2 changed files with 11 additions and 5 deletions
--- a/backend/server/adventures/middleware.py
+++ b/backend/server/adventures/middleware.py
@ -31,12 +31,16 @@ class OverrideHostMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

-    def __call__(self, request: HttpRequest):
-        # Override the host with the PUBLIC_URL environment variable
+    def __call__(self, request):
        public_url = os.getenv('PUBLIC_URL', None)
        if public_url:
-            # Split the public URL to extract the host and port (if available)
-            host = public_url.split("//")[-1].split("/")[0]
-            request.META['HTTP_HOST'] = host  # Override the HTTP_HOST header
+            # Extract host and scheme
+            scheme, host = public_url.split("://")
+            request.META['HTTP_HOST'] = host
+            request.META['wsgi.url_scheme'] = scheme
+
+            # Set X-Forwarded-Proto for Django
+            request.META['HTTP_X_FORWARDED_PROTO'] = scheme
+
        response = self.get_response(request)
        return response
--- a/backend/server/main/settings.py
+++ b/backend/server/main/settings.py
@ -139,6 +139,8 @@ SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) >
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.7/howto/static-files/

+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+

 BASE_DIR = Path(__file__).resolve().parent.parent
 STATIC_ROOT = BASE_DIR / "staticfiles"