9

I want to check if my site is running under HTTPS from within my template so that I can conditionally add S's to the HTTPs of my external javascript libraries (namely, jQuery). How can I do that?

mpen
  • 272,448
  • 266
  • 850
  • 1,236
  • This can also be handled by middleware: [http://stackoverflow.com/questions/7566112/how-to-implement-httpsssl-middleware-in-django/37599845#37599845](http://stackoverflow.com/questions/7566112/how-to-implement-httpsssl-middleware-in-django/37599845#37599845) – Luke Dupin Jun 02 '16 at 18:45
  • 1
    @LakeDupin That middleware is for forwarding to HTTPS which is a bit more than I was asking for, but inside lies the secret sauce: `request.is_secure()`. However, that's [already been posted](http://stackoverflow.com/a/4360699/65387). – mpen Jun 02 '16 at 19:58
  • LakeDupin lol =) Cool I'm happy you have an answer that works!!! Just wanted to offer a middleware solution if that was more fitting for someone else in the future. Happy coding. – Luke Dupin Jun 03 '16 at 18:08

5 Answers5

14

If your resources are hosted on the same machine as you are serving requests from, it may not need to specify a url scheme at all:

<script src="/static/js/myfile.js" type="text/javascript"></script>

This will use the same protocol (http or https) and server as the request to the original page.

Edit 2 (2016):

If you're accessing a resource on another server, the best solution now (as pointed out by mpen below) is to use the relative URL scheme:

<script src="//media.example.com/static/js/myfile.js" type="text/javascript"></script>

This will automatically connect to the server using http or https depending on the connection to the current page.

Note that this may cause some problems if you need to support old browsers.

Edit: Alternatively, if you really need the info in your template for some reason, you can add the request context processor, and use a RequestContext in your views. This places a request variable in your template context, which gives you access to the HttpRequest object. You can then test if the request is secure by checking the value of request.is_secure

For example:

<script src="http{% if request.is_secure %}s{% endif %}://media.example.com/static/js/myfile.js" type="text/javascript"></script>
Community
  • 1
  • 1
Gabriel Grant
  • 5,415
  • 2
  • 32
  • 40
  • I am using relative URLs, but Google is hosting my jQuery... not so helpful ;) Your alternative solution looks viable... hope it works on my server. – mpen Dec 05 '10 at 21:51
  • This is the most upvoted answer in this thread, but I think the relative scheme will be way more helpful: http://stackoverflow.com/a/13728686/217649 – Pieter Jun 05 '16 at 14:44
  • @Pieter yup, you're right -- that's a better approach now. I don't believe that was as widely supported in 2010 as it is today. – Gabriel Grant Jun 16 '16 at 19:30
7

I'm not sure if Google did this at the time I asked this question, but they now recommend you add the library via

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>

The // will use whatever scheme you are currently using -- no extra code or conditionals required.

mpen
  • 272,448
  • 266
  • 850
  • 1,236
6

Check the request in the View with is_secure(), and send it to the template.

JAL
  • 21,295
  • 1
  • 48
  • 66
1

Please consider using the {% static %} template tag (in Django >= 1.4) which can be configured to host media files on a separate domain or server. This will do away with your is_secure problem.

https://docs.djangoproject.com/en/dev/ref/contrib/staticfiles/#std:templatetag-staticfiles-static

Krystian Cybulski
  • 10,789
  • 12
  • 67
  • 98
0

for checking the connection scheme, you can use the request.scheme attribute

{% if request.scheme == "http" %}

{% elif request.scheme == "https" %}

{% endif %}
Al Mahdi
  • 635
  • 1
  • 9
  • 16