I recently deployed a Flask application on Heroku just for testing purposes. However, I noticed that the URL was in HTTPS even though I didn't have any SSL Certificates or enabled Automatic Certificate Management. Can someone please explain why this is the case?
Regardless, I still noticed that my cookies were not being saved even though I had SameSite=None enabled - which means it's showing an HTTPS URL but the connection is not in HTTPS..?
I appreciate any support this community provides :)
Related
My site, https://hendrixia.com, gives an 500 Internal Server error for some users but not others. I have someone helping me debug, but without fruition. He is getting 500 internal server errors on his personal computer and at one of his webservers. I am able to load the site fine. We have no clue what is wrong. Obviously I'm not going to turn debugging on on a live site. But we are running out of options. Can anyone help?
Site is built with python/django. postgresql db. hosted at heroku
Things we've confirmed:
Ipv6 requests are handled correctly
https redirect and www redirect are fine
Things that may be suspect:
I recently removed django-machina from the project entirely. Along (removed) with it went haystack, ckeditor, and other required packages
Non-logged in users got the error but logged in users didn't.
Our end-to-end tests use Django's LiveServerTestCase with Selenium. So far we have only been able to run these on insecure urls. However, some of the libraries that we use (Square) require a page to be on https even in sandbox mode.
When attempting to connect to a secure url, Selenium/Chrome Webdriver simply shows the standard SSL not supported error:
This site can’t provide a secure connection chezpierre.localtest.me sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Does anyone know if it is possible to enable https on a LiveServerTestCase?
If not, does anyone have a working workaround for this? I'm trying to avoid running a separate https proxy on our build box, but it seems like it might be the only way.
After quick research I found out that this is impossible in Django suggested by this old code ticket https://code.djangoproject.com/ticket/25328
I also found out that you could setup a tunnel to bypass this issue. However this applies to django development server. This is kind of tricky so I am leaving links to posts as the method is rather long:
https://www.ianlewis.org/en/testing-https-djangos-development-server
or
How can I test https connections with Django as easily as I can non-https connections using 'runserver'?
ALTERNATIVE - In my opinion better
There is also a simpler way using an external package. It gives you out of the box a https capable django development server. The project is active and maintained
https://github.com/teddziuba/django-sslserver
I want to use PayPal in a Django Project and in order to do this I need Django to work with TSL 1.2. Since I haven't worked with such encryption yet, I need advice on how to setup Django in a way that works with an https version that works with PayPal. I already have a working ssl certificate and was able to use django-sslserver to make Django work with https, but PayPal still does not work with it. Could someone give a hint were I should be looking into for this kind of thing?
If you have a self-signed SSL certificate, then this is not going to work. You can get a free SSL certificate at Let's encrypt: https://letsencrypt.org/.
If you use the Javascript API your site has to be served over HTTPS as well because of CORS.
I have a python webapp that is called through Apache with mod_wsgi on a server behind our firewall, and we've configured a public-facing webserver to act as a reverse proxy to access the webapp. I've timed access to a reference page returned by the app via the following routes:
from the machine it is running on (localhost): ~300ms
from my workstation over VPN directly to the server: ~500ms
through the reverse proxy: ~2000ms!
One caveat is that the public-facing proxy is using HTTPS, the others are not, but I find it hard to believe that's causing a 1.5s hit. I'm not really a configuration wizard, so what should I look at to try to figure out what's causing this poor performance?
I been using python to create an web app and it has been doing well so far. Now I would like to encrypt the transmission of the data between client and server using https. The communication is generally just post form and web pages, no money transactions are involve. Is there anything I need to change to the python code except setting the server up with certificate and configurate it to use https? I see a lot of information regarding ssl for python and I not sure if I need those modules and python setup to make https work.
Thanks
Typically, the ssl part for Python web app is managed by some frontend web server like nginx, apache or so.
This does not require any modification of your code (assuming, you are not expecting user to authenticate by ssl certificate on client side, what is quite exotic, but possible scenario).
If you want to run pure Python solution, I would recommend using cherrypy, which is able providing rather reliable and performant web server part (it will be very likely slower then served behind nginx or apache).