I want to use PayPal in a Django Project and in order to do this I need Django to work with TSL 1.2. Since I haven't worked with such encryption yet, I need advice on how to setup Django in a way that works with an https version that works with PayPal. I already have a working ssl certificate and was able to use django-sslserver to make Django work with https, but PayPal still does not work with it. Could someone give a hint were I should be looking into for this kind of thing?
If you have a self-signed SSL certificate, then this is not going to work. You can get a free SSL certificate at Let's encrypt: https://letsencrypt.org/.
If you use the Javascript API your site has to be served over HTTPS as well because of CORS.
Related
Has anyone tried to execute a sharepoint function via python module through a proxy? I’ve tried to use shareplum and other python modules to execute the sharepoint calls, but run into an issue with the tls version not being valid or ssl error. I’ve tried setting the tls version, but still get an invalid version for the ssl or the tls version depending. I know I’m able to access the proxy, but fail to access the sharepoint site with a bad authentication.
I can access other sites via request, but I know that I need shareplum or something similar to execute the sharepoint site functions. If not going through a proxy, then I have no issue. However, my company recently deployed a proxy and now my script is no longer working. The code to use shareplum is similar to the code provide by the git project. However, the git project assumes straightforward communication to the web server with https or http
I’ve tried changing the tls version to default 1.1 and 1.2, but neither work. I’ve also tried setting the protocol to http verses https and tried to first pass the proxy server, but no success. I tried using proxy manager using the proxy, then using the created session to access the sharepoint site, but that also fails. Using the proxy manager caused a bad authentication with the sharepoint site.
I recently deployed a Flask application on Heroku just for testing purposes. However, I noticed that the URL was in HTTPS even though I didn't have any SSL Certificates or enabled Automatic Certificate Management. Can someone please explain why this is the case?
Regardless, I still noticed that my cookies were not being saved even though I had SameSite=None enabled - which means it's showing an HTTPS URL but the connection is not in HTTPS..?
I appreciate any support this community provides :)
Our end-to-end tests use Django's LiveServerTestCase with Selenium. So far we have only been able to run these on insecure urls. However, some of the libraries that we use (Square) require a page to be on https even in sandbox mode.
When attempting to connect to a secure url, Selenium/Chrome Webdriver simply shows the standard SSL not supported error:
This site can’t provide a secure connection chezpierre.localtest.me sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Does anyone know if it is possible to enable https on a LiveServerTestCase?
If not, does anyone have a working workaround for this? I'm trying to avoid running a separate https proxy on our build box, but it seems like it might be the only way.
After quick research I found out that this is impossible in Django suggested by this old code ticket https://code.djangoproject.com/ticket/25328
I also found out that you could setup a tunnel to bypass this issue. However this applies to django development server. This is kind of tricky so I am leaving links to posts as the method is rather long:
https://www.ianlewis.org/en/testing-https-djangos-development-server
or
How can I test https connections with Django as easily as I can non-https connections using 'runserver'?
ALTERNATIVE - In my opinion better
There is also a simpler way using an external package. It gives you out of the box a https capable django development server. The project is active and maintained
https://github.com/teddziuba/django-sslserver
I work in a secure environment where the company proxy does a man-in-the-middle attack on all inbound traffic. That means any HTTPS comes to me with a broken certificate.
It's unlikely that I'm going to be able to convince our network security people to stop doing this on my account. I'm not even going to try to fix that problem.
Unfortunately this affects my use of PyPI: I want to set up an Artifactory repository to mirror PyPI internally, but since the certificates are messed up Artifactory rejects any content.
It used to be possible to access PyPI's repository via HTTP, but this feature seems to have been recently disabled. I was wondering if there's an alternative way to access PyPI that doesn't use HTTPS - perhaps some barely documented back door?
The only alternative I can think of is to spin up a reverse proxy on AWS/Azure and use that to permit insecure access. Any suggestions?
I been using python to create an web app and it has been doing well so far. Now I would like to encrypt the transmission of the data between client and server using https. The communication is generally just post form and web pages, no money transactions are involve. Is there anything I need to change to the python code except setting the server up with certificate and configurate it to use https? I see a lot of information regarding ssl for python and I not sure if I need those modules and python setup to make https work.
Thanks
Typically, the ssl part for Python web app is managed by some frontend web server like nginx, apache or so.
This does not require any modification of your code (assuming, you are not expecting user to authenticate by ssl certificate on client side, what is quite exotic, but possible scenario).
If you want to run pure Python solution, I would recommend using cherrypy, which is able providing rather reliable and performant web server part (it will be very likely slower then served behind nginx or apache).