🔧(backend) activate https on oidc redirection

mozilla-django-oidc didn't add the `https` prefix to the redirect_uri. We set the option SECURE_PROXY_SSL_HEADER to ('HTTP_X_FORWARDED_PROTO', 'https') in the settings.py file to force the https prefix.
2024-06-03 14:27:45 +02:00
parent 35a897fa60
commit 54b7a637fe
1 changed files with 1 additions and 1 deletions
--- a/src/backend/people/settings.py
+++ b/src/backend/people/settings.py
@@ -525,7 +525,7 @@ class Production(Base):
    # - Your proxy sets the X-Forwarded-Proto header and sends it to Django
    #
    # In other cases, you should comment the following line to avoid security issues.
-    # SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")

    # Modern browsers require to have the `secure` attribute on cookies with `Samesite=none`
    CSRF_COOKIE_SECURE = True