Ensure hardcoded http:// references are removed from the API response data #210

Open
MikeTheCanuck opened this issue Jul 18, 2018 · 1 comment
Labels
good first issue Good for newcomers help wanted Extra attention is needed legacy maintenance Maintaining previous years' code Priority: medium

Comments

@MikeTheCanuck
Contributor

Now that #170 has been implemented, all ECS services can answer at both http:// and https:// URLs.

However, we know that some of the APIs are sending out response data that include hard-coded http:// paths - making it hard for us to migrate immediately to all-https.

Examples were noted in PR 53, but many others throughout the APIs are likely lurking.

@MikeTheCanuck MikeTheCanuck added help wanted Extra attention is needed good first issue Good for newcomers Priority: medium legacy maintenance Maintaining previous years' code labels Jul 18, 2018
@bhgrant8
Member

There are a few things that could be causing this, but I don't want to be too quick to experiment without looking at the full repercussions.

Here is the Django 2.0 reference on SSL/HTTPS support:

https://docs.djangoproject.com/en/2.0/topics/security/#ssl-https

It seems there may be some extra configuration, if https is not being returned, specifically, this value that would be set in the settings.py:

https://docs.djangoproject.com/en/2.0/ref/settings/#std:setting-SECURE_PROXY_SSL_HEADER

Though there are some very big caveats, before using.

But this does seem to be a similar issue that was related here:

marcgibbons/django-rest-swagger#363

We may have to look at any related settings in gunicorn as well, as they mention:

We will also need to pass the header from apache or nginx. I am using nginx and have the following line in my site nginx config.

  • going to note here that a further step could be looking at whitenoise, if it affects https at all
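
An added example (not code from this project or from either commenter): a standard-library Python check that walks a JSON response body and reports every hardcoded http:// URL with its JSON path, as a way to locate the remaining instances this issue describes. The sample body and the api.example.org host are constructed for illustration.

```python
import json
import re

# Matches plaintext-scheme URLs anywhere inside a string value.
# "https://" does not match, because "http" must be followed by "://".
HTTP_URL = re.compile(r"http://[^\s\"'<>]+", re.IGNORECASE)


def find_http_urls(node, path="$"):
    """Yield (json_path, url) for every http:// URL in a decoded JSON value."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_http_urls(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_http_urls(value, f"{path}[{index}]")
    elif isinstance(node, str):
        # A single string may embed several URLs (e.g. free-text fields).
        for url in HTTP_URL.findall(node):
            yield path, url


def scan_response(body):
    """Parse a JSON response body and return a sorted list of findings."""
    return sorted(find_http_urls(json.loads(body)))


# Constructed sample: a paginated API response with mixed schemes.
SAMPLE_BODY = json.dumps({
    "count": 2,
    "next": "http://api.example.org/items/?page=2",
    "previous": None,
    "results": [
        {"id": 1, "url": "https://api.example.org/items/1/"},
        {"id": 2, "url": "http://api.example.org/items/2/",
         "notes": "see http://api.example.org/docs and https://example.org"},
    ],
})

if __name__ == "__main__":
    for json_path, url in scan_response(SAMPLE_BODY):
        print(f"{json_path}: {url}")
```

Running the same check against responses fetched over https:// shows whether a URL is hardcoded in the data or generated from the request scheme.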
