Testing HTTPS handling in Django


You want to test how your application handles HTTPS requests.


Use the following to simulate a HTTPS request using the Django test client:

from django.test.client import Client

client = Client()
response = client.get(url, **{'wsgi.url_scheme': 'https'})


The standard way to test for a HTTPS request is using the is_secure method of the django.http.HttpRequest class1 and its subclasses. As of Django 1.3, the implementation of this method checks whether an environmental variable HTTPS is equal to “on”:

# django/http/__init__.py

class HttpRequest(object):
    def is_secure(self):
        return os.environ.get('HTTPS') == 'on'

However, Django’s test client uses the django.core.handlers.wsgi.WSGIRequest class for requests. This class provides an alternative implementation:

# django/core/handlers/wsgi.py

class WSGIRequest(http.HttpRequest):
    def is_secure(self):
        return 'wsgi.url_scheme' in self.environ \
            and self.environ['wsgi.url_scheme'] == 'https'

Hence why need to pass the wsgi.url_scheme keyword arg when making the request.

Note that the unpacked dictionary syntax is required as it’s the only way of specifying a keyword arg that includes a dot.


Something wrong? Suggest an improvement or add a comment (see article history)
Tagged with: django, testing
Filed in: tips

Previous: Prefer data migrations to initial data
Next: Confoo 2012 presentations

Copyright © 2005-2023 David Winterbottom
Content licensed under CC BY-NC-SA 4.0.