Ability to run test example with the reverse proxy (nginx)

dmitry-viskov · Mar 31, 2020 · 50cd2a1 · 50cd2a1
1 parent 1ac6c1e
commit 50cd2a1
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 1 deletion.
diff --git a/game/game/settings.py b/game/game/settings.py
@@ -62,6 +62,7 @@
 SESSION_COOKIE_NAME = 'sessionid'
 SESSION_COOKIE_SAMESITE = None  # should be set as 'None' for Django >= 3.1
 SESSION_COOKIE_SECURE = False  # should be True in case of HTTPS usage (production)
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
 # Database
 # https://docs.djangoproject.com/en/1.11/ref/settings/#databases

diff --git a/game/game/templates/check_cookie.html b/game/game/templates/check_cookie.html
@@ -9,6 +9,7 @@
 <script type="text/javascript">
 var loginUniqueId = "{{ login_unique_id }}";
 var sameSite = "{{ same_site }}";
+var siteProtocol = "{{ site_protocol }}";
 
 var displayContent = function () {
      var resp = JSON.parse(this.responseText);
@@ -33,7 +34,7 @@
 var checkCookiesAllowed = function () {
     var currentTimestamp = (!Date.now ? +new Date() : Date.now());
     var newCookie = "test_cookie=" + currentTimestamp + "; path=/";
-    if (window.location.protocol === 'https:') {
+    if (siteProtocol === 'https') {
         if (sameSite !== '') {
             newCookie = newCookie + '; SameSite=' + sameSite;
         }

diff --git a/game/game/views.py b/game/game/views.py
@@ -104,6 +104,7 @@ def login(request):
         return render(request, 'check_cookie.html', {
             'login_unique_id': login_unique_id,
             'same_site': getattr(settings, 'SESSION_COOKIE_SAMESITE'),
+            'site_protocol': 'https' if request.is_secure() else 'http',
             'page_title': PAGE_TITLE
         })