TechQA.

UWSGI implement hsts on Heroku

418 views Asked by At

I've followed one of uwsgi's snippets to try to enable hsts. Here's my current configuration:

[uwsgi]
http-socket = :$(PORT)
master = true
processes = 4
die-on-term = true
module = webapp:app
memory-report = true
check-static = %v/webapp/static/
route= ^/?$ static:%v/webapp/static/pages/index.html

route-host = ^localhost:(?:[0-9]+)$ last:
route-if-not = equal:${HTTPS};on redirect-permanent:https://${HTTP_HOST}${REQUEST_URI}
route-if = equal:${HTTPS};on addheader:Strict-Transport-Security: max-age=31536000
route = .* last:

What I'm trying to do is enforce hsts for anything except localhost. The site works on localhost, but on heroku, requests to the home page don't get redirected at all, and requests to static assets get into an infinite loop where even https requests get redirected.

EDIT

The problem is that Heroku's load balancer doesn't connect securely to the dyno. Is there a way to route based on the X-Forwarded-Proto header, or based on the complete request url including protocol (so I could match it to ^https:)?

http heroku routes uwsgi hsts
Original Q&A
1

There are 1 answers

0
joerick On BEST ANSWER

This is working for me:

route-if = equal:${HTTP_X_FORWARDED_PROTO};http redirect-permanent:https://${HTTP_HOST}${REQUEST_URI}

Related Questions in HTTP

Related Questions in HEROKU

Related Questions in ROUTES

Related Questions in UWSGI

Related Questions in HSTS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions