Forcing HTTPS

For some web sites you might want to not just offer HTTPS access to your users -- you might want to force all connections to go through HTTPS. There are different ways to do that for different web frameworks. Here are some -- if you don't see the framework you use, let us know with the "Send Feedback" link above.

Django (1.8 or higher)

In settings.py, set:

SECURE_SSL_REDIRECT = True

Django (older versions)

Just

pip install --user django-sslify

Or install it into your virtualenv if you're using one.

Then add the middleware as the first middleware class you have in settings.py. Also note that it won't force SSL if you have DEBUG = True in your settings (which in turn means you'll need to make sure that ALLOWED_HOSTS is set up properly).

web2py

Uncomment this line in db.py:

request.requires_https()

Flask

Use this Flask extension.

Bottle

Use this Bottle extension.