How to redirect all traffic from http to https for Django 3 apps hosted on Heroku

I’ve come across the following issue a handful of times when building new web apps hosted on Heroku: I want a custom domain, and I want a simple way to force a http → https redirect.

If you set up a custom URL on Heroku for your Django app and you pay for hobby or higher dynos (SSL is not available on the free level), then follow the below step to enable a redirect from insecure http requests to secure https requests.

From within your Django app, add the following to your settings.py file:

...
MIDDLEWARE = [
    # SecurityMiddleware must be listed before other middleware
    'django.middleware.security.SecurityMiddleware',
    # ...
]
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
...

That’s it! Push your app to Heroku and confirm that http requests now redirect to https.

If you liked this, follow me on Twitter @elitwilliams.