HTTPS equivalent of Django's HttpResponse

Question

For some reason I am in need of a views.py that returns only some text. Normally, i'd use HttpResponse("text") for this. However, In this case I require the text to be send over https, to counter the inevitable mixed content warning.

What is the simplest way of sending pure text via django(1.7.11) over https?

Is a view required for this? I've done this kind of thing for things like google verification URLs directly like this: url(r'google\.html$', lambda r: HttpResponse("google-site-verification: google.html", content_type="text/plain")). Not sure if this will work in your case. — rob, Dec 05 '17 at 21:24
This question appears to be based on a fundamental misunderstanding. HttpResponse doesn't specify that the response is sent over HTTP; the view - and in fact Django itself - has nothing to do with the method of communication with the client, that is entirely the responsibility of the server. — Daniel Roseman, Dec 06 '17 at 11:20
@DanielRoseman Thank you, there was indeed a misunderstanding. This means that the original question "simplest way of sending text over https" would simply be HttpResponse? — Mitchell van Zuylen, Dec 06 '17 at 14:30

score 0 · Answer 1 · answered Dec 05 '17 at 18:27

I've run into the mixed content problems as well. From my experience, you simply can't use the HttpResponse objects without running into trouble. I was never totally sure though and eventually found a way "around" it.

My solution for it was to use the JsonResponse object instead, to return JSON strings, kind of a work-around with the views returning something like:

mytext = 'stuff blablabla'
return JsonResponse({'response_text': mytext})

Which is super easy to parse, and OK with HTTPS. Maybe not what you're looking for, but I hope it helps you find your way.

raratiru · Accepted Answer · 2017-12-06T12:13:05.383

Django in the relevant docs of httprequest.build_absolute_uri reads:

Mixing HTTP and HTTPS on the same site is discouraged, therefore build_absolute_uri() will always generate an absolute URI with the same scheme the current request has. If you need to redirect users to HTTPS, it’s best to let your Web server redirect all HTTP traffic to HTTPS.

The docs make clear that

the method of communication is entirely the responsibility of the server

as Daniel Roseman commented.

My prefered choice is to force https throughout a site, however it is possible to do it only for a certain page.

The above can be achieved by either:

Upgrading to a secure and supported release of Django where the use of SECURE_SSL_REDIRECT and SecurityMiddleware will redirect all traffic to SSL
Asking your host provider an advice on how could this be implemented in their servers
Using the apache config files.
Using .htaccess to redirect a single page.

There are also other -off the road- hackish solutions like a snippet which can be used with a decorator in urls.py to force https, or a custom middleware that redirects certain urls to https.

I do need to force https. The decorator should work, but indeed seems a bit hacky. — Mitchell van Zuylen, Dec 05 '17 at 19:47
@MitchellvanZuylen I have reformed my answer to make clear that there are plenty of legitimate solutions before you decide to chose a hackish one. — raratiru, Dec 06 '17 at 12:16

HTTPS equivalent of Django's HttpResponse

2 Answers2