From 281268586810b124aed37eede7b8a1e881bcb804 Mon Sep 17 00:00:00 2001
From: Tanner Collin <git@tannercollin.com>
Date: Sun, 18 Nov 2018 22:05:05 -0700
Subject: [PATCH] Move Django to https

---
 authserver/authserver/settings.py | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/authserver/authserver/settings.py b/authserver/authserver/settings.py
index b0aae22..e6e3586 100644
--- a/authserver/authserver/settings.py
+++ b/authserver/authserver/settings.py
@@ -47,12 +47,6 @@ REST_FRAMEWORK = {
     ),
 }
 
-#CORS_ORIGIN_WHITELIST = (
-#    'localhost:8000',
-#)
-
-CORS_ORIGIN_ALLOW_ALL = True
-
 MIDDLEWARE = [
     'corsheaders.middleware.CorsMiddleware',
     'django.middleware.security.SecurityMiddleware',
@@ -82,10 +76,18 @@ TEMPLATES = [
     },
 ]
 
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+
 WSGI_APPLICATION = 'authserver.wsgi.application'
 
 ALLOWED_HOSTS = ['localhost', '127.0.0.1', '172.17.17.65', 'tools-auth.protospace.ca']
 
+#CORS_ORIGIN_WHITELIST = (
+#    'localhost:8000',
+#)
+
+CORS_ORIGIN_ALLOW_ALL = True
+
 # Database
 # https://docs.djangoproject.com/en/2.1/ref/settings/#databases