django-canonical-domain - Canonical domain redirection for Django

Version 0.11-1-ga9092e2

This module allows redirecting all requests for a given Django instance to a single canonical domain and optionally enforcing HTTPS for all requests as well.

Installation and usage

  • pip install django-canonical-domain

  • Add canonical_domain to INSTALLED_APPS and canonical_domain.middleware.canonical_domain to your MIDDLEWARE setting. Ensure that you add this middleware before django.middleware.security.SecurityMiddleware.

  • Set SECURE_SSL_HOST = 'example.com' in your settings.

  • Optionally set SECURE_SSL_REDIRECT = True if you want to enforce HTTPS.

  • django-canonical-domain also respects SECURE_REDIRECT_EXEMPT settings. In the case path matches the regex the url will be redirected to SECURE_SSL_HOST, but the protocol will not be changed.

Configuration

CANONICAL_DOMAIN_EXEMPT

Default: None

A function which receives the request object and returns True if the request shouldn’t be redirected to the canonical domain. HTTPS will still be enforced when SECURE_SSL_REDIRECT is set.

If you want to allow api.example.com in addition to example.com you could set CANONICAL_DOMAIN_EXEMPT = lambda request: request.get_host() == "api.example.com". The setting also supports a dotted Python path to a function.

Change log

Next version

0.11 (2024-08-09)

  • Changed CANONICAL_DOMAIN_EXEMPT to be a function or a dotted Python path to a function instead of a list of regexes. It’s more flexible.

0.10 (2024-08-08)

  • Added the requirement that canonical_domain be added to INSTALLED_APPS because otherwise the system checks wouldn’t run at all.

  • Added deploy checks which verify that SECURE_SSL_HOST and SECURE_SSL_REDIRECT have been set.

  • Added Django 5.1 to the CI matrix.

  • Added support for Django’s SECURE_REDIRECT_EXEMPT setting and support for adding additional hosts which shouldn’t be redirected. Thanks @PetrDlouhy!

0.9 (2022-01-31)

  • Added pre-commit.

  • Dropped support for Django < 3.2, Python < 3.8, added support for Django 4.0 and Python 3.10.

  • Switched back to using SECURE_SSL_REDIRECT and SECURE_SSL_HOST – introducing our own settings made it necessary to silence Django’s system checks for them. Let’s not do that anymore. Added system checks to ensure that the new settings are added correctly.

  • Added a system check which verifies that the canonical domain middleware appears before the security middleware in MIDDLEWARE.

0.4 (2021-07-20)

  • Dropped official support for Django < 2.2 and Python < 3.6.

  • Switched to a declarative setup.

  • Switched to GitHub actions.

  • Replaced the CanonicalDomainMiddleware with a new function-based canonical_domain middleware which does not extend SecurityMiddleware. You should add SecurityMiddleware yourself and remove the silencing of security.W001.

0.3 (2018-12-24)

  • Removed the self-deactivation of the middleware when DEBUG = True.

  • Reformatted the code using black.

  • Changed the middleware to only redirect safe methods (GET, HEAD, OPTIONS and TRACE).

0.2 (2017-07-12)

  • Merged CanonicalDomainMiddleware and SecurityCanonicalDomainMiddleware and added a new setting CANONICAL_DOMAIN_SECURE which replaces our usage of SECURE_SSL_REDIRECT.

  • Added some documentation.

  • Fixed links in the changelog.

0.1 (2017-07-12)

  • Initial public version.