We have a website called flaskapp.com that is built with Flask and deployed on Heroku. Depending on the subdomain, the browser says our website is Secure or Not Secure.
If we visit http://flaskapp.com the browser says Not Secure. But if we enter https://www.flaskapp.com or www.flaskapp.com the browser will say it is secure.
We tried redirecting requests to HTTP urls to go to HTTPS instead by doing this
@app.before_request
def before_request():
if app.config['ENV'] == 'production' and not request.is_secure:
url = request.url.replace('http://', 'https://', 1)
code = 301
return redirect(url, code=code)
But this didn't work for us because request.is_secure returns True even when we go to http:// which the browser says is not secure. We currently have SSL certificates automatically managed by heroku, and we have the www.flaskapp.com domain added to the heroku settings.
I also noticed that if we visit http://flaskapp.com, there is a subsequent request to https://flaskapp.herokuapp.com, but this url is not requested when we go to https:// or www
Aucun commentaire:
Enregistrer un commentaire