From 8bb458dfe08e5928308db50401f339e58a59395c Mon Sep 17 00:00:00 2001
From: Linus Lewandowski <linus@lew21.net>
Date: Sun, 28 May 2017 23:49:20 +0200
Subject: [PATCH 1/3] Added TRUST_X_FORWARDED_PROTO variable

This boolean variable can be used to control if Django should interpret the X-Forwarded-Proto header, and assume user is using https when it says so. It's usually needed for deployments behind reverse proxies.
---
 django12factor/__init__.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/django12factor/__init__.py b/django12factor/__init__.py
index 5cf9dda..81ac1c8 100644
--- a/django12factor/__init__.py
+++ b/django12factor/__init__.py
@@ -127,6 +127,11 @@ def factorise(custom_settings=None):
 
     settings['ALLOWED_HOSTS'] = os.getenv('ALLOWED_HOSTS', '').split(',')
 
+    if getenv_bool('TRUST_X_FORWARDED_PROTO'):
+    	settings['SECURE_PROXY_SSL_HEADER'] = ('HTTP_X_FORWARDED_PROTO', 'https')
+    else:
+    	settings['SECURE_PROXY_SSL_HEADER'] = None
+
     # For keys to different apis, etc.
     if custom_settings is None:
         custom_settings = []

From 751001ee68f49cdb7bac280361261609e19af6e1 Mon Sep 17 00:00:00 2001
From: Linus Lewandowski <linus@lew21.net>
Date: Sun, 28 May 2017 23:49:32 +0200
Subject: [PATCH 2/3] Changelog: Added TRUST_X_FORWARDED_PROTO variable

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f714141..7ee114b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Unreleased
 
 * Dropped Python 3.2 support
+* Added TRUST_X_FORWARDED_PROTO variable
 
 ## 1.3
 

From cffabba5aa8b3ac8561cd1a117f7debc158d3f81 Mon Sep 17 00:00:00 2001
From: Linus Lewandowski <linus@lew21.net>
Date: Sun, 28 May 2017 23:50:18 +0200
Subject: [PATCH 3/3] Add a test for TRUST_X_FORWARDED_PROTO.

---
 tests/test_d12f.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tests/test_d12f.py b/tests/test_d12f.py
index 9288232..6fed72e 100644
--- a/tests/test_d12f.py
+++ b/tests/test_d12f.py
@@ -149,3 +149,12 @@ def test_non_capitalised_database_ignored(self):
                 "Loaded %d databases instead of just 1 (default) - got %s "
                 "from environment %s" % (len(dbs), dbs.keys(), e)
             )
+
+    def test_use_x_forwarded_proto(self):
+        with debugenv(TRUST_X_FORWARDED_PROTO="on"):
+            settings = d12f()
+            self.assertEquals(('HTTP_X_FORWARDED_PROTO', 'https'), settings['SECURE_PROXY_SSL_HEADER'])
+
+        with debugenv(TRUST_X_FORWARDED_PROTO="off"):
+            settings = d12f()
+            self.assertEquals(None, settings['SECURE_PROXY_SSL_HEADER'])