深入研究一下代码,你会发现allauth
设置activate_url
使用 Django 内置的模板上下文变量build_absolute_uri
method:
https://github.com/pennersr/django-allauth/blob/master/allauth/account/models.py#L119 https://github.com/pennersr/django-allauth/blob/master/allauth/account/models.py#L119
...
activate_url = reverse("account_confirm_email", args=[self.key])
activate_url = request.build_absolute_uri(activate_url)
ctx = {
"activate_url": activate_url,
...
}
查看代码build_absolute_uri
你可以看到它需要一个环境变量:
https://github.com/django/django/blob/master/django/http/request.py#L153 https://github.com/django/django/blob/master/django/http/request.py#L153
def _get_scheme(self):
return 'https' if os.environ.get("HTTPS") == "on" else 'http'
回来https://
在此函数生成的 URL 中,您需要设置一个HTTPS
环境变量。
这取决于您如何设置项目,但您可以设置环境变量 https://stackoverflow.com/questions/5971312/how-to-set-environment-variables-in-python在你的settings.py
or manage.py
以下是一篇关于 SSL 的一般 Django 安全性的好文章:
- https://security.stackexchange.com/questions/8964/trying-to-make-a-django-based-site-use-https-only-not-sure-if-its-secure https://security.stackexchange.com/questions/8964/trying-to-make-a-django-based-site-use-https-only-not-sure-if-its-secure
EDIT
奇怪的是,重置密码模板使用不同的方法来构造 URL:
https://github.com/pennersr/django-allauth/blob/master/allauth/account/forms.py#L428 https://github.com/pennersr/django-allauth/blob/master/allauth/account/forms.py#L428
url = '%s://%s%s' % (app_settings.DEFAULT_HTTP_PROTOCOL,
current_site.domain,
path)
context = {"site": current_site,
"user": user,
"password_reset_url": url}
使用DEFAULT_HTTP_PROTOCOL
设置代替