From 37650b332512ccc177056076f7d25ffddefc377c Mon Sep 17 00:00:00 2001
From: Mandel Olaiya <mandeleolaiya15@icloud.com>
Date: Sun, 3 May 2026 02:23:16 +0200
Subject: [PATCH] fix: enforce apex redirect using Host header

---
 mandelstudio/middleware.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mandelstudio/middleware.py b/mandelstudio/middleware.py
index d912c4c..6304dd4 100644
--- a/mandelstudio/middleware.py
+++ b/mandelstudio/middleware.py
@@ -14,7 +14,9 @@ class RedirectApexToWwwMiddleware:
         self.get_response = get_response
 
     def __call__(self, request: HttpRequest):
-        host = (request.get_host() or "").split(":")[0].lower()
+        # Use the raw Host header so proxy-specific X-Forwarded-Host rewrites
+        # can't prevent the apex redirect.
+        host = (request.META.get("HTTP_HOST") or "").split(":")[0].lower()
         if host == "mandelblog.com":
             destination = request.build_absolute_uri().replace(
                 "://mandelblog.com", "://www.mandelblog.com", 1