From 54b7a637fe4017d298a3e29bbb9fe219b9c25611 Mon Sep 17 00:00:00 2001
From: Anthony LC
Date: Mon, 3 Jun 2024 14:27:45 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(backend)=20activate=20https=20on?= =?UTF-8?q?=20oidc=20redirection?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
mozilla-django-oidc didn't add the `https` prefix to the redirect_uri. We set the option SECURE_PROXY_SSL_HEADER to ('HTTP_X_FORWARDED_PROTO', 'https') in the settings.py file to force the https prefix.
---
 src/backend/people/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/backend/people/settings.py b/src/backend/people/settings.py
index f609a22..09d5169 100755
--- a/src/backend/people/settings.py
+++ b/src/backend/people/settings.py
@@ -525,7 +525,7 @@ class Production(Base):
 # - Your proxy sets the X-Forwarded-Proto header and sends it to Django
 #
 # In other cases, you should comment the following line to avoid security issues.
- # SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+ SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 # Modern browsers require to have the `secure` attribute on cookies with `Samesite=none`
 CSRF_COOKIE_SECURE = True
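Review bot: Uncommenting `SECURE_PROXY_SSL_HEADER` in `Production` makes Django trust `X-Forwarded-Proto` on every production deployment, so the proxy conditions listed in the comment above it become hard deployment requirements instead of an opt-in. Where a request can reach Django without passing a proxy that strips and re-sets that header, a client-supplied value makes `request.is_secure()` return true over plain HTTP. Django's HTTPS redirect and absolute-URL building (including the OIDC `redirect_uri` this commit targets) rely on that result. Consider reading the setting from the environment so operators without such a proxy can turn it off without editing the file, and reword the last comment line to something like `# Enabled by default: disable it unless your proxy strips and re-sets X-Forwarded-Proto.` The `Production` class body starts and ends outside this hunk, so whether an environment-backed value helper is already in scope there is not visible and should be confirmed.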