fix: enforce apex redirect using Host header

2026-05-03 02:23:16 +02:00
parent 72de8844bb
commit 37650b3325
1 changed files with 3 additions and 1 deletions
--- a/mandelstudio/middleware.py
+++ b/mandelstudio/middleware.py
@@ -14,7 +14,9 @@ class RedirectApexToWwwMiddleware:
        self.get_response = get_response

    def __call__(self, request: HttpRequest):
-        host = (request.get_host() or "").split(":")[0].lower()
+        # Use the raw Host header so proxy-specific X-Forwarded-Host rewrites
+        # can't prevent the apex redirect.
+        host = (request.META.get("HTTP_HOST") or "").split(":")[0].lower()
        if host == "mandelblog.com":
            destination = request.build_absolute_uri().replace(
                "://mandelblog.com", "://www.mandelblog.com", 1