Backend - Make SECURE_SSL_REDIRECT configurable trough .env

[mosa-riel]

Both Messages and Calendars have SECURE_SSL_REDIRECT = True hardcoded in their Django settings. This forces a 301 redirect from HTTP to HTTPS on all
requests, including internal service-to-service calls within the Kubernetes cluster.

This breaks in-cluster communication: when Calendars calls http://messages-backend:80/api/v1.0/provisioning/mailboxes/, Messages responds with a 301
to https://messages-backend/... which doesn't resolve internally — there's no TLS listener on the pod.

Currently we work around this by routing through the external URL, which adds unnecessary ingress hops for what should be a direct pod-to-pod call.

Proposed fix

Make it a values.BooleanValue in both repos so it can be set via environment variable:

SECURE_SSL_REDIRECT = values.BooleanValue(
    True, environ_name="SECURE_SSL_REDIRECT", environ_prefix=None
)

Deployments behind a TLS-terminating ingress/proxy can then set SECURE_SSL_REDIRECT=False and rely on the ingress for HTTPS enforcement.

The same change should be considered for SECURE_PROXY_SSL_HEADER and SECURE_HSTS_* settings.

Context

• TLS is terminated at the ingress
• Calendars' Messages integration needs to call Messages' provisioning and submit APIs
• In-cluster HTTP is preferred for latency and simplicity

[sylvinus]

I think you can set all settings values with DJANGO_* env vars ? So probably DJANGO_SECURE_SSL_REDIRECT does the job? I agree it's a bit inconsistent.

[sylvinus]

@mosa-riel can you confirm ?