Forums

We received this query through feedback from a user that was not logged in and didn't leave an email address, so I thought we could answer it here, since it seems like it may be generally helpful, too:

Hello, I realize that pythonanywhere runs with SSL and so does any web2py application created in it. Is there any way to avoid this? I just need to set up a regular http site

We don't require SSL for user web apps (we just allow it) and neither does web2py. Web2py does require SSL for access to the admin interface. That's a really good idea and I don't think you should disable it, even if it is possible.

Hello Glenn, Thanks for your reply. I was the one that posted the question (I didn't realize I was not logged in) I understand that it makes sense to use SSL in Web2py Admin interface. But how can I disable SSL for every other web2py (non-admin) URLs? I would rather have normal http:// links for the site to be able to get external JS for example. Thanks, Clara

As far as I know, web2py generates the links based on how the site is visited (because browsers don't like mixing https and http requests for the same page) so it's doing the right thing. The right way to do what you're proposing (even though I think it's a bad idea - forcing your users to use an unsecured connection doesn't feel like a good idea) is to redirect all https accesses to http, though I don't know how to do that in web2py. Perhaps one of our other users knows.

What you mean is then that:

if the request is http, the response is (remains) http

if the request is https, the response is (remains) https

and if the request is an admin URL the response is always https

Correct? Clara

No. When a page is served via http, I believe that web2py links to the resources using http and when it is served via https, the resources are linked via https.