How can you configure Django to trust HTTPS headers from a proxy and ensure secure cookies are sent correctly?

Hard · Application · Q9 of 15
Django - Security Best Practices
A. Set SESSION_COOKIE_SECURE = False
B. Set SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
C. Set CSRF_COOKIE_SECURE = False
D. Set SECURE_SSL_REDIRECT = False
Step-by-Step Solution
Solution:
  1. Step 1: Understand proxy HTTPS header

    Proxies often forward the original protocol in the X-Forwarded-Proto header, which Django exposes as HTTP_X_FORWARDED_PROTO.
  2. Step 2: Configure Django to trust this header

    Setting SECURE_PROXY_SSL_HEADER tells Django to trust this header and treat a request as HTTPS when the header's value is 'https', which lets secure cookies be sent correctly.
  3. Final Answer:

    Set SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') -> Option B
  4. Quick Check:

    Trust proxy HTTPS header for secure cookies [OK]
Quick Trick: Use SECURE_PROXY_SSL_HEADER to trust proxy HTTPS [OK]
Common Mistakes:
  • Disabling secure cookie flags instead of fixing headers
  • Ignoring proxy header configuration
  • Turning off SSL redirect unnecessarily
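
The effect of option B, and why turning off the secure flags or the redirect is the wrong fix, shown as an added example (not part of the original quiz and not Django's source code). The functions `resolve_scheme`, `would_redirect_to_https` and `compare` are hypothetical names for a simplified model of the check, and the sample requests are constructed.

```python
"""Simplified model of Django's scheme check behind a TLS-terminating proxy.
Added illustration; not Django's source code."""

def resolve_scheme(meta, wsgi_scheme, proxy_ssl_header=None):
    """Return the scheme Django would assume for a request.

    meta             -- dict shaped like request.META
    wsgi_scheme      -- scheme of the proxy-to-Django hop
    proxy_ssl_header -- value of SECURE_PROXY_SSL_HEADER, or None when unset
    """
    if proxy_ssl_header:
        header, secure_value = proxy_ssl_header
        value = meta.get(header)
        if value is not None:
            # The header is trusted as-is, so the proxy must set or strip it
            # on every request; otherwise a client-supplied value is believed.
            return "https" if value.strip() == secure_value else "http"
    return wsgi_scheme

def would_redirect_to_https(meta, wsgi_scheme, proxy_ssl_header, ssl_redirect=True):
    """Model of SECURE_SSL_REDIRECT: redirect whenever the request looks insecure."""
    return ssl_redirect and resolve_scheme(meta, wsgi_scheme, proxy_ssl_header) != "https"

SETTING = ("HTTP_X_FORWARDED_PROTO", "https")  # option B from the question

# Constructed sample requests; the proxy talks plain HTTP to Django in each.
SAMPLES = {
    "browser used https": {"HTTP_X_FORWARDED_PROTO": "https"},
    "browser used http": {"HTTP_X_FORWARDED_PROTO": "http"},
    "header missing": {},
}

def compare():
    """Return (name, scheme when unset, scheme when set, redirects when unset) rows."""
    return [
        (name,
         resolve_scheme(meta, "http", None),
         resolve_scheme(meta, "http", SETTING),
         would_redirect_to_https(meta, "http", None))
        for name, meta in SAMPLES.items()
    ]

if __name__ == "__main__":
    for name, unset, with_setting, loops in compare():
        print(f"{name:20} unset={unset:5} set={with_setting:5} redirect_when_unset={loops}")
```

With the setting unset, even a request the browser made over HTTPS looks like plain HTTP, so an enabled SSL redirect fires on every request; with option B set, only the genuinely insecure requests are redirected.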
