Force HTTPS for heroku app on google domains

0
votes

I am using the Automated Certificate Management through heroku in order to implement SSL for my application. My application will successfully connect securely using HTTPS if https://www.myapp.com is used, but if www.myapp.com or myapp.com is used, it defaults to HTTP.

In Heroku the domains that have been added are respectively as follows: Domain Name: myapp.com, www.myapp.com DNS Target: myapp.com.herokudns.com, www.myapp.com.herokudns.com

In google domains I have a subdomain forward record as follows: myapp.com -> https://www.myapp.com

and under Custom resource records I have: Name: www Type: CNAME Date: www.myapp.com.herokudns.com

Is there a way to force https through google domains or heroku-cli, or is this something I need to do in my Python app?

2
pythonsslherokuflaskgoogle-domains
Checkout this answer here stackoverflow.com/a/58144352/5327882 - ronatory

2 Answers

1
votes

The easiest way is to use flask-sslify: https://github.com/kennethreitz/flask-sslify

It turns every http request to your app into a https request

you only have to add one line of code to you app (or app factory):

from flask import Flask
from flask_sslify import SSLify

app = Flask(__name__)
sslify = SSLify(app)
1
votes

flask-sslify doesn't seem to be maintained anymore. Heroku suggests looking at flask-talisman. But the csp requirements don't look trivial to me.

There really needs to be a simpler solution for this.