author | Étienne Loks <etienne.loks@iggdrasil.net> | 2023-03-17 16:03:02 +0100 |
---|---|---|
committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2023-03-17 16:03:02 +0100 |
commit | 66c343421980b5ce301eaa202d5090d6f45833ab (patch) | |
tree | 80146022464b7c45cd19f5827664250b55ec0ff1 | |
parent | 63c96b0484661419c30a830e2d7ab52c209cf0f0 (diff) | |
download | Ishtar-66c343421980b5ce301eaa202d5090d6f45833ab.tar.bz2 Ishtar-66c343421980b5ce301eaa202d5090d6f45833ab.zip |
settings: add "ISHTAR_SECURE_OPTIONS" to activate Django secured options
-rw-r--r-- | CHANGES.md | 1 | ||||
-rw-r--r-- | example_project/settings.py | 18 | ||||
-rwxr-xr-x | install/ishtar-prepare-instance | 2 |
3 files changed, 19 insertions, 2 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 8e971e11b..fd0bc0181 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -10,6 +10,7 @@ Ishtar changelog
 - General:
 - add custom cached_label configuration for each main item
 - add "created" field on main items in order to facilitate queries
+- settings: add "ISHTAR_SECURE_OPTIONS" to activate Django secured options
 - Sheet document: better UI for files
 - Model: add history for document and containers
 - Menu: remove "Administration" entry - put Account management in "Directory" entry
diff --git a/example_project/settings.py b/example_project/settings.py
index 8248b6713..cd0d51557 100644
--- a/example_project/settings.py
+++ b/example_project/settings.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 # Django settings for ishtar project.
@@ -291,6 +291,7 @@ ISHTAR_DOC_TYPES = {"undefined": "Undefined"}
 ISHTAR_SEARCH_LANGUAGE = "french"
 ISHTAR_SECURE = True
+ISHTAR_SECURE_OPTIONS = False
 ISHTAR_DPTS = []
 MAX_ATTEMPTS = 1 # django background tasks
@@ -442,3 +443,18 @@ if SENTRY_ID and sentry_sdk:
 send_default_pii=True,
 release=get_version() + "-" + EXTRA_VERSION
 )
+
+
+if ISHTAR_SECURE_OPTIONS:
+ # verify https is ok before activating
+ SESSION_COOKIE_SECURE = True
+ MIDDLEWARE += [
+ "django.middleware.security.SecurityMiddleware",
+ "django.middleware.clickjacking.XFrameOptionsMiddleware",
+ ]
+ SECURE_HSTS_SECONDS = 31536000
+ SECURE_CONTENT_TYPE_NOSNIFF = True
+ SECURE_BROWSER_XSS_FILTER = True
+ SECURE_SSL_REDIRECT = True
+ CSRF_COOKIE_SECURE = True
+ X_FRAME_OPTIONS = "DENY"
diff --git a/install/ishtar-prepare-instance b/install/ishtar-prepare-instance
index 50810da76..9a4030dca 100755
--- a/install/ishtar-prepare-instance
+++ b/install/ishtar-prepare-instance
@@ -250,7 +250,7 @@ EOF
 INSTALL_PREFIX=$DEST
 APP_DIR="$DEST/$INSTANCE"
 DATE=`date +%F`
- SECRET_KEY=$(apg -a 0 -M ncl -n 1 -x 10 -m 40)
+ SECRET_KEY=$(apg -a 0 -M ncl -n 1 -x 10 -m 55)
 PORT_FILE=$CONFIG_PATH/last_uswgi_port |
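Review bot: In the `if ISHTAR_SECURE_OPTIONS:` block, `MIDDLEWARE += [...]` appends `SecurityMiddleware` to the end of the list, so any earlier middleware that returns a response on its own bypasses the HTTPS redirect and the security headers; Django's documentation recommends placing it near the top. Consider `MIDDLEWARE = ["django.middleware.security.SecurityMiddleware", *MIDDLEWARE, "django.middleware.clickjacking.XFrameOptionsMiddleware"]`, which also works if `MIDDLEWARE` is a tuple; its definition is outside the hunk, so check that neither entry is already listed there. If the instance is served behind a TLS-terminating proxy, `SECURE_SSL_REDIRECT = True` also needs a matching `SECURE_PROXY_SSL_HEADER`, which this block does not set, otherwise every request is redirected again. `SECURE_BROWSER_XSS_FILTER` has no effect from Django 4.0 on, so it adds nothing on current versions. The one-year `SECURE_HSTS_SECONDS` is cached by browsers, so the existing comment could say so: `# HSTS is cached by browsers for a year: start with a short value until HTTPS is confirmed`.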
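Review bot: The `SECRET_KEY` line now asks for 55 characters, but `-a 0` still selects apg's pronounceable generator and `-M ncl` leaves out symbols, so the key carries less entropy per character than its length suggests. `-x 10` (maximum length) is also smaller than `-m 55` (minimum length), which leaves the final length dependent on how apg resolves the conflict. Suggest `SECRET_KEY=$(apg -a 1 -M ncl -n 1 -m 55 -x 55)` so the key comes from the random-character generator with an explicit length. The enclosing block starts and ends outside the hunk.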