Middleware ====================================== Below is the list of middlewares available in this project. .. _SSLRedirectMiddleware: SSLRedirectMiddleware -------------------------------------- .. versionadded:: 0.2 This middleware handles redirecting the user onto SSL in two different ways. One way was made popular by `snippet 85 `_ is to pass an extra kwarg `SSL` in the url pattern for the view. This is handy when you are writing the views yourself and have control over the url patterns but is gets messy when you including third party urls. This also will not work for `contrib.flatpage` since they are not tied to a view. The second method is taken from `snippet 880 `_ which adds a setting :ref:`SSL_PATTERNS` which are used to match urls that should be forced onto SSL. You might want to force the admin to be used only on SSL such as .. code-block:: python SSL_PATTERNS = (r'^/admin/', ) This is a much more convienent method for handling large groups of urls or third party application urls than the first. However, in some ways it feels like double work of defining the url regular expressions. Together these middleware provides a good amount of flexibility in defining views/urls which require SSL. See also :ref:`SSLUserMiddleware`. .. versionadded:: 0.4 You can optionally redirect requests off of SSL by enabling :ref:`SSL_WHITELIST`. When enabled any HTTPS request which does not pass the `SSL` kwarg, use the :ref:`secure` decorator or match one of :ref:`SSL_PATTERNS` will be redirected back to HTTP. Additional middlware can also mark the request with `keep_secure` to keep the request from being redirected. .. _SSLUserMiddleware: SSLUserMiddleware -------------------------------------- .. versionadded:: 0.2 This middleware is a complement to :ref:`SSLRedirectMiddleware`. If it is included it will force authenticated users to always use SSL. To use this middleware you must be using `django.contrib.auth.middleware.AuthenticationMiddleware `_ and it must be included above :ref:`SSLUserMiddleware`. Note if you would like to use both :ref:`SSLRedirectMiddleware` and :ref:`SSLUserMiddleware` then :ref:`SSLUserMiddleware` should be included first. .. code-block:: python MIDDLEWARE_CLASSES = ( ... 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', ... 'hilbert.middleware.SSLUserMiddleware', 'hilbert.middleware.SSLRedirectMiddleware', )