fix: enhance middleware to set HTTP_X_FORWARDED_PROTO and secure proxy SSL header

backend/server/adventures/middleware.py

@@ -31,12 +31,16 @@ class OverrideHostMiddleware:
     def __init__(self, get_response):
         self.get_response = get_response
 
-    def __call__(self, request: HttpRequest):
+    def __call__(self, request):
-        # Override the host with the PUBLIC_URL environment variable
         public_url = os.getenv('PUBLIC_URL', None)
         if public_url:
-            # Split the public URL to extract the host and port (if available)
+            # Extract host and scheme
-            host = public_url.split("//")[-1].split("/")[0]
+            scheme, host = public_url.split("://")
-            request.META['HTTP_HOST'] = host  # Override the HTTP_HOST header
+            request.META['HTTP_HOST'] = host
+            request.META['wsgi.url_scheme'] = scheme
+
+            # Set X-Forwarded-Proto for Django
+            request.META['HTTP_X_FORWARDED_PROTO'] = scheme
+
         response = self.get_response(request)
         return response

backend/server/main/settings.py

@@ -139,6 +139,8 @@ SESSION_COOKIE_DOMAIN = '.' + '.'.join(domain_parts[-2:]) if len(domain_parts) >
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.7/howto/static-files/
 
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
 
 BASE_DIR = Path(__file__).resolve().parent.parent
 STATIC_ROOT = BASE_DIR / "staticfiles"