Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.

#1 Jan. 1, 2011 19:17:59

Jakob H.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

Ajax and SSL


Hi,

I'm using Satchmo to build a store for a Django-powered webpage.
Satchmo provides a convenient middleware
('satchmo_store.shop.SSLMiddleware.SSLRedirect') which allows me to
add { 'SSL' : True } arguments to my view specifications (in urls.py).
This forwards requests to using the HTTPS protocol when so specified.
There are other middlewares that do roughly the same thing, so this is
not necessarily Satchmo-specific.

I have some views configured to be forwarded to using SSL (HTTPS
protocol). However, I also have some general Ajax views configured.
E.g. I have one that updates a progress bar on every page once that
page has loaded.

The problem is the following: consider me having the following
(abstract) specification in urls.py:

VIEW1
AJAX1

where a client-side call to AJAX1 is performed once the page has fully
loaded as generated by VIEW1. The page generated by VIEW1 should call
AJAX1 using the HTTPS protocol, but the convenient middleware will
forward it to HTTP, as specified above, which will cause problems
(i.e. it will not work). If I set AJAX1 I will get problems
when I access views using the HTTP protocol.

Is there a way to make use of the above-mentioned convenient
declarative middleware (just adding { 'SSL' : True } in view-
specifications), but get around these kinds of problems?

What are some common design patterns for these kinds of problems?

Thanks,
Jakob

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#2 Jan. 2, 2011 16:26:46

a.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

Ajax and SSL


Would one of the following work?

1. Hardcore https in the VIEW1 template
2. Write response middleware that, if the request is secure, basically
does s/http/https/g on the response text (this obviously gets all
other URLs as well, which you may not want)
3. Add another MEDIA_URL like variable to settings: eg: AJAX_URL which
is absolute with https

If your template is used by more than one view you could also write a
context processor that, if the request is secure, changes AJAX_URL
accordingly to be http or https.

Hope that helps


On Jan 1, 11:17 am, Jakob H <jakob.henriks...@gmail.com> wrote:
> Hi,
>
> I'm using Satchmo to build a store for a Django-powered webpage.
> Satchmo provides a convenient middleware
> ('satchmo_store.shop.SSLMiddleware.SSLRedirect') which allows me to
> add { 'SSL' : True } arguments to my view specifications (in urls.py).
> This forwards requests to using the HTTPS protocol when so specified.
> There are other middlewares that do roughly the same thing, so this is
> not necessarily Satchmo-specific.
>
> I have some views configured to be forwarded to using SSL (HTTPS
> protocol). However, I also have some general Ajax views configured.
> E.g. I have one that updates a progress bar on every page once that
> page has loaded.
>
> The problem is the following: consider me having the following
> (abstract) specification in urls.py:
>
> VIEW1
> AJAX1
>
> where a client-side call to AJAX1 is performed once the page has fully
> loaded as generated by VIEW1. The page generated by VIEW1 should call
> AJAX1 using the HTTPS protocol, but the convenient middleware will
> forward it to HTTP, as specified above, which will cause problems
> (i.e. it will not work). If I set AJAX1 I will get problems
> when I access views using the HTTP protocol.
>
> Is there a way to make use of the above-mentioned convenient
> declarative middleware (just adding { 'SSL' : True } in view-
> specifications), but get around these kinds of problems?
>
> What are some common design patterns for these kinds of problems?
>
> Thanks,
> Jakob

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#3 Jan. 26, 2011 15:43:26

Tom E.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

Ajax and SSL


On Sat, Jan 1, 2011 at 7:17 PM, Jakob H <jakob.henriks...@gmail.com> wrote:
> Hi,
>
> I'm using Satchmo to build a store for a Django-powered webpage.
> Satchmo provides a convenient middleware
> ('satchmo_store.shop.SSLMiddleware.SSLRedirect') which allows me to
> add { 'SSL' : True } arguments to my view specifications (in urls.py).
> This forwards requests to using the HTTPS protocol when so specified.
> There are other middlewares that do roughly the same thing, so this is
> not necessarily Satchmo-specific.
>
> I have some views configured to be forwarded to using SSL (HTTPS
> protocol). However, I also have some general Ajax views configured.
> E.g. I have one that updates a progress bar on every page once that
> page has loaded.
>
> The problem is the following: consider me having the following
> (abstract) specification in urls.py:
>
> VIEW1
> AJAX1
>
> where a client-side call to AJAX1 is performed once the page has fully
> loaded as generated by VIEW1. The page generated by VIEW1 should call
> AJAX1 using the HTTPS protocol, but the convenient middleware will
> forward it to HTTP, as specified above, which will cause problems
> (i.e. it will not work). If I set AJAX1 I will get problems
> when I access views using the HTTP protocol.
>
> Is there a way to make use of the above-mentioned convenient
> declarative middleware (just adding { 'SSL' : True } in view-
> specifications), but get around these kinds of problems?
>
> What are some common design patterns for these kinds of problems?
>
> Thanks,
> Jakob
>

I don't use satchmo, but is there a third option for SSL, None? In my
SSL middleware, setting SSL to True implies that the view must be
loaded over SSL, setting it to False implies that it must not be, and
not setting it implies that the middleware should stay out of it.

If you can finagle that, then you should do so for your your AJAX
views, and refer to them in your templates/JS using URI references
rather than an absolute URI ('/foo/bar/' rather than
'http://wibble.com/foo/bar/'). This way, the browser will DTRT with
the protocol when making the ajax call - SSL when the view is loaded
over SSL, HTTP otherwise.


Cheers

Tom

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

Board footer

Moderator control

Enjoy the 24th of October
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support