Closed hugomoran159 closed 2 months ago
Just curious, why do people want to develop locally with https?
I needed to use the quickbooks production api to pull transaction data for my company. It required https otherwise it only let you use sandbox accounts which don't have any of the real data. I think a few other APIs also require https.
The existing documentation no longer works as described.
Yes, it's been like this almost since it was added (https://github.com/cookiecutter/cookiecutter-django/issues/2840). Having it in a docs was a mistake, we should either support it as first party or not. The current docs might be a good exteranl blog post, but I have no interest in maintaining it.
We had a PR sent to "fix" them #3111 but sadly it's included a lot of changes which are too out of scope...
Just curious, why do people want to develop locally with https?
Though in my opinion, prefer using cloudflare tunnels as it's free and provides custom subdomain using your dns records. Makes it easier than ngrok where the subdomain keep changing on every run (on the free plan).
https://webhook.site/ can do a XHR Redirect to your localhost
Though in my opinion, prefer using cloudflare tunnels as it's free and provides custom subdomain using your dns records. Makes it easier than ngrok where the subdomain keep changing on every run (on the free plan).
Imho is the point not which tunnel to use (ngrok or cloudflare) but the configuration required for letting django accept https in combination with local development and stuff like csrf.
The existing documentation no longer works as described.
Yes, it's been like this almost since it was added (#2840). Having it in a docs was a mistake, we should either support it as first party or not. The current docs might be a good exteranl blog post, but I have no interest in maintaining it.
We had a PR sent to "fix" them #3111 but sadly it's included a lot of changes which are too out of scope...
I am sorry @browniebroke and fellow Djangonista,
I recently updated my local HTTPS set up with a mind to clean up the docs. I hope to do that until everyone is happy. I have some free time to this.
My plan is to remove the current instructions, write an blog post on my site with all the options available to Cookiecutter Django for a local HTTPS environment and link the article to the docs.
The other option is to make it a first class option. This means adding it to the project setup as an option and have it working from the get go.
What do you guys think?
If we can add https to local development that works out of the box, I think having it as a first class option would make sense. Nobody is deploying to production without https anymore these days. Having a development environment with https involved would make sense.
Description
Change the documentation for developing locally with HTTPS to use ngrok.
Rationale
The existing documentation no longer works as described.
Implementation
ngrok allows a user to connect localhost to the internet for testing applications and APIs
brew install ngrok/ngrok/ngrok
ornpm install -g ngrok
Register for account - get AUTH_TOKEN
ngrok config add-authtoken <AUTH_TOKEN>
ngrok http localhost:8000 - get URL
In config/settings/local.py
add ngrok domain to ALLOWED_HOSTS
ALLOWED_HOSTS
= ["localhost", "0.0.0.0", "127.0.0.1",".ngrok-free.app"]
add HTTPS configuration
CSRF_TRUSTED_ORIGINS = ['https://*.ngrok-free.app']
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
ngrok URL should now serve localhost