You have configured an SSL certificate and now you want your application to use https for all requests.
Redirects need to be performed at the application level as the Heroku router does not provide this functionality. You should code the redirect logic into your application.
Under the hood, Heroku router (over)writes the
X-Forwarded-Proto and the
X-Forwarded-Port request headers. The app must check
X-Forwarded-Proto and respond with a redirect response when it is not
config.force_ssl = true in your
config/environments/production.rb or similar.
Use a package to set this up for your app. Some options can be found here: https://www.npmjs.com/search?q=express+ssl
You can add directives to the
.htaccess file at the root of your project to do this. See this SO post for an example https://stackoverflow.com/a/34065445
Add the following to your
Settings file, adding the middleware to your existing
MIDDLEWARE list if one exists.
MIDDLEWARE = [ # SecurityMiddleware must be listed before other middleware 'django.middleware.security.SecurityMiddleware', # ... ] SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') SECURE_SSL_REDIRECT = True
Note: The previously recommended solution (flask-sslify) is no longer maintained.