Fixed #23: Replace https hack with header setting
This commit is contained in:
Andrew Godwin
parent
b4166f78bb
commit
70d01bf1b4
|
|
@ -1,21 +1,6 @@
|
|||
from core.models import Config
|
||||
|
||||
|
||||
class AlwaysSecureMiddleware:
|
||||
"""
|
||||
Locks the request object as always being secure, for when it's behind
|
||||
a HTTPS reverse proxy.
|
||||
"""
|
||||
|
||||
def __init__(self, get_response):
|
||||
self.get_response = get_response
|
||||
|
||||
def __call__(self, request):
|
||||
request.__class__.scheme = "https"
|
||||
response = self.get_response(request)
|
||||
return response
|
||||
|
||||
|
||||
class ConfigLoadingMiddleware:
|
||||
"""
|
||||
Caches the system config every request
|
||||
|
|
|
|||
|
|
@ -5,9 +5,6 @@ from .base import * # noqa
|
|||
# Load secret key from environment with a fallback
|
||||
SECRET_KEY = os.environ.get("TAKAHE_SECRET_KEY", "insecure_secret")
|
||||
|
||||
# Disable the CRSF origin protection
|
||||
MIDDLEWARE.insert(0, "core.middleware.AlwaysSecureMiddleware")
|
||||
|
||||
# Ensure debug features are on
|
||||
DEBUG = True
|
||||
|
||||
|
|
@ -16,6 +13,7 @@ CSRF_TRUSTED_ORIGINS = [
|
|||
"http://127.0.0.1:8000",
|
||||
"https://127.0.0.1:8000",
|
||||
]
|
||||
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
||||
|
||||
EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
|
||||
SERVER_EMAIL = "test@example.com"
|
||||
|
|
|
|||
Loading…
Reference in New Issue