Enable security options in django settings.

This commit is contained in:
Abhilash Raj
2017-04-06 13:01:20 -07:00
parent b863cb0767
commit c40fcbe3dd


@@ -169,7 +169,7 @@ DATABASES = {
# If you're behind a proxy, use the X-Forwarded-Host header # If you're behind a proxy, use the X-Forwarded-Host header
# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host # See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
# USE_X_FORWARDED_HOST = True USE_X_FORWARDED_HOST = True
# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER # And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header # https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
@@ -177,23 +177,23 @@ DATABASES = {
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https') # SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
# Other security settings # Other security settings
# SECURE_SSL_REDIRECT = True SECURE_SSL_REDIRECT = True
# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT # If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
# contains at least this line: # contains at least this line:
# SECURE_REDIRECT_EXEMPT = [ SECURE_REDIRECT_EXEMPT = [
# "archives/api/mailman/.*", # Request from Mailman. # Request from Mailman.
# ] "archives/api/mailman/.*",
# SESSION_COOKIE_SECURE = True ]
SESSION_COOKIE_SECURE = True
# SECURE_CONTENT_TYPE_NOSNIFF = True # SECURE_CONTENT_TYPE_NOSNIFF = True
# SECURE_BROWSER_XSS_FILTER = True SECURE_BROWSER_XSS_FILTER = True
# CSRF_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True
# CSRF_COOKIE_HTTPONLY = True # CSRF_COOKIE_HTTPONLY = True
# X_FRAME_OPTIONS = 'DENY' X_FRAME_OPTIONS = 'DENY'
# Password validation # Password validation
# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators # https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [ AUTH_PASSWORD_VALIDATORS = [
{ {
'NAME': 'NAME':
@@ -396,12 +396,6 @@ HAYSTACK_CONNECTIONS = {
}, },
} }
try:
os.mkdir('logs')
except OSError:
pass
# A sample logging configuration. The only tangible logging # A sample logging configuration. The only tangible logging
# performed by this configuration is to send an email to # performed by this configuration is to send an email to
# the site admins on every HTTP 500 error when DEBUG=False. # the site admins on every HTTP 500 error when DEBUG=False.
@@ -436,17 +430,17 @@ LOGGING = {
'loggers': { 'loggers': {
'django.request': { 'django.request': {
'handlers': ['mail_admins', 'file'], 'handlers': ['mail_admins', 'file'],
'level': 'ERROR', 'level': 'INFO',
'propagate': True, 'propagate': True,
}, },
'django': { 'django': {
'handlers': ['file'], 'handlers': ['file'],
'level': 'ERROR', 'level': 'INFO',
'propagate': True, 'propagate': True,
}, },
'hyperkitty': { 'hyperkitty': {
'handlers': ['file'], 'handlers': ['file'],
'level': 'DEBUG', 'level': 'INFO',
'propagate': True, 'propagate': True,
}, },
'postorius': { 'postorius': {
@@ -478,19 +472,9 @@ LOGGING = {
# } # }
#} #}
# When DEBUG is True, don't actually send emails to the SMTP server, just store
# them in a directory. This way you won't accidentally spam your mailing-lists
# while you're fiddling with the code.
if DEBUG == True:
EMAIL_BACKEND = 'django.core.mail.backends.filebased.EmailBackend'
EMAIL_FILE_PATH = os.path.join(BASE_DIR, 'emails')
# #
# HyperKitty-specific # HyperKitty-specific
# #
# Only display mailing-lists from the same virtual host as the webserver # Only display mailing-lists from the same virtual host as the webserver
FILTER_VHOST = False FILTER_VHOST = False
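Review bot: `SECURE_SSL_REDIRECT = True` (second hunk) and `USE_X_FORWARDED_HOST = True` (first hunk) are now enabled while `SECURE_PROXY_SSL_HEADER` at the top of the second hunk stays commented out, so a deployment whose proxy terminates TLS will see every request as plain HTTP and redirect in a loop, and a deployment with no proxy now lets the client-supplied X-Forwarded-Host drive URL building (ALLOWED_HOSTS still validates it, so the exposure is limited). Either uncomment `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')` together with these, with the header name matched to what the proxy actually sets and the proxy configured to overwrite any client-supplied copy, or keep the proxy-dependent pair commented and state in the comment that they must be enabled together. `SECURE_CONTENT_TYPE_NOSNIFF = True` is left commented although it has no compatibility cost comparable to the settings enabled here, so it is worth enabling in the same pass. The removal of the `os.mkdir('logs')` block in the third hunk presumably relies on the deployer creating the directory the 'file' handler writes to; a one-line comment near the handler saying so would prevent a startup failure from being mistaken for a logging bug. Blank lines appear to have been dropped by the rendering, so the final hunk may continue past what is shown here.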