Re: Dynamically adjusting STATIC_URL depending on http or https requests?

[Nickolas Grigoriadis]

What about 2 settings files, for the different instances? One for HTTP and one for HTTPS?

You can partially override settings by doing something like this:

from foo.settings.prod import *
# Add local overrides here

Regards,
Nickolas

On Monday, 6 August 2012 07:34:40 UTC+2, Mark Gemmill wrote:

I've been tackling the problem of serving both the frontend (http) and the admin (https) site of a Django application from a single instance of the application.

I ran a successful test on webfaction serving the application with nginx+gunicorn and having nginx take care of redirecing /admin urls to https. So far, so 

good, except that the sites STATIC_URL is either http or https and then I run into browsers not playing nice with mixed content.

It seems to me that if I could somehow arrange for the STATIC_URL to dynamically adjust itself to use https:// when Django handles a request that is secured, 

then the problem would go away.  I tried just setting the context value of STATIC_URL in a template context processor function, but templates that use the 'static' template 

tag are not effected by this trick. Is there another way this can be accomplished?

[Mark Gemmill]

I am not sure how that would work. Remember, this is a single instance of django - i.e. I'm not running the https/admin part of the 

site as a separate instance and therefore have only one settings file.

What I came up with so far was to create 2 static url settings:

STATIC_URL = 'https://secureded/admin/static/'

NON_SECURE_STATIC_URL = 'http://non/admin/static/'

Then I added this function to the TEMPLATE_CONTEXT_PROCESSORS settings:

def manage_static_url(request):

    if not request.is_secure():

        return { 'STATIC_URL': settings.NON_SECURE_STATIC_URL }

Fortunately, in my templates I used the convention of {{ STATIC_URL }}path/to/static/resource for all my static urls, 

so adjusting the template context value of STATIC_URL works here. The admin templates all use {% static path/to/static/resource %} 

which seems to pull the STATIC_URL directly from the settings file. So, given my particular usage this works. A part 

of me feels like there should be a better way of doing this, but maybe this is as close as I'm going to get.

[Melvyn Sopacua]

On 6-8-2012 17:56, Mark Gemmill wrote:
> I am not sure how that would work. Remember, this is a single instance of
> django - i.e. I'm not running the https/admin part of the
> site as a separate instance and therefore have only one settings file.
>
> What I came up with so far was to create 2 static url settings:
>

> *STATIC_URL = 'https://secureded/admin/static/'*
> *NON_SECURE_STATIC_URL = 'http://non/admin/static/'*

Do you require the server name in STATIC_URL, meaning they're served on
a different hostname? If so, you can still solve your problem with nginx
rewrite module:
server {
# normal server, listen params etc
location /static/ {
rewrite ^/(.*)$ http://non/$1 last;
}
}
server {
# ssl, listen params, ssl params
location /static/ {
rewrite ^/(.*)$ https://secured/$1 last;
}
}

Then in settings.py:
STATIC_URL = '/static/'
--
Melvyn Sopacua

[Nikolas Stevenson-Molnar]

You could use a schemeless URL for STATIC_URL. E.g:

STATIC_URL = "//static.yourdomain.com"

_Nik

[Mark Gemmill]

Nik, 

You are absolutely right, that's the ticket. Of course, given that I'm not serving the static media from a sub domain, I can can also just use a relative url as well (STATIC_URL = '/static/'). 

Setting up the main/http vs. admin/https redirects/rewrites on the webserver (first time I've tried that) had me thinking I required the full url for it to work properly. This is so much easier. Thanks for that. 

Mark