Force SSL/HTTPS and non-www in web2py

Update 02.08.2018: Code is updated to use just one line to force https:

request.requires_https()

=======

I read this

https://groups.google.com/forum/#!topic/web2py/RzJ4pYtAWF4

and

https://stackoverflow.com/questions/26802850/pythonanywhere-web2py-redirect-to-https

then I realized “cronjob” problem described in these answers are no longer relevant since `scheduler` has long since replaced `cron`

I created a new model secure.py and add:

########## FORCED SSL non-www ##########
session.secure()
if not request.is_https:
    redirect(URL(scheme='https', args=request.args, vars=request.vars))
request.requires_https()
if request.env.http_host.startswith("www."):
    redirect(URL(host=request.env.http_host[4:]))
#####################################

I skipped the cron part since scheduler has long since replaced cron in web2py.

I created separated model so I can specify only to have it on my server, not on my local macbook, using .gitignore (see #2 below)

2. I need only to use https at server, not local development environment (127.0.0.1:8000), so I put models/secure.py into my .gitignore

Hope this helps!

LiuYi.co

Science . Industry . Creativity

Force SSL/HTTPS and non-www in web2py