Use SECURE_SSL_REDIRECT to ensure requests are routed to https always

2026-03-05 21:29:11 +00:00 · 2024-04-09 10:18:12 +05:30
parent 1c229dad91
commit ab51ae9091
1 changed files with 2 additions and 0 deletions
--- a/src/khoj/app/settings.py
+++ b/src/khoj/app/settings.py
@@ -45,9 +45,11 @@ if DEBUG or os.getenv("KHOJ_DOMAIN") == None:
    SESSION_COOKIE_DOMAIN = "localhost"
    CSRF_COOKIE_DOMAIN = "localhost"
 else:
+    # Production Settings
    SESSION_COOKIE_DOMAIN = KHOJ_DOMAIN
    CSRF_COOKIE_DOMAIN = KHOJ_DOMAIN
    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTOCOL", "https")
+    SECURE_SSL_REDIRECT = True

 SESSION_COOKIE_SECURE = True
 CSRF_COOKIE_SECURE = True