Django -- Incorrect HTTP detection with reverse-proxy connecting via HTTPS

2019-07-01T00:00:00
ID B805D7B4-9C0C-11E9-97F0-000C29E96DB4
Type freebsd
Reporter FreeBSD
Modified 2019-07-01T00:00:00

Description

Django security releases issued:

When deployed behind a reverse-proxy connecting to Django via HTTPS, django.http.HttpRequest.scheme would incorrectly detect client requests made via HTTP as using HTTPS. This entails incorrect results for is_secure(), and build_absolute_uri(), and that HTTP requests would not be redirected to HTTPS in accordance with SECURE_SSL_REDIRECT.