summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Godwin2022-11-20 13:58:54 -0700
committerAndrew Godwin2022-11-20 13:58:54 -0700
commit70d01bf1b4f44c48fa8af524ff7d73b485d62dc2 (patch)
treeae6d84eae6bcab755b900929f7fe5f2c206a2005
parentb4166f78bbb3e2d8a2572a80920a689730ed7d5c (diff)
downloadtakahe-70d01bf1b4f44c48fa8af524ff7d73b485d62dc2.tar.gz
takahe-70d01bf1b4f44c48fa8af524ff7d73b485d62dc2.tar.bz2
takahe-70d01bf1b4f44c48fa8af524ff7d73b485d62dc2.zip
Fixed #23: Replace https hack with header setting
-rw-r--r--core/middleware.py15
-rw-r--r--takahe/settings/development.py4
2 files changed, 1 insertions, 18 deletions
diff --git a/core/middleware.py b/core/middleware.py
index fdb08a8..fca5dd8 100644
--- a/core/middleware.py
+++ b/core/middleware.py
@@ -1,21 +1,6 @@
from core.models import Config
-class AlwaysSecureMiddleware:
- """
- Locks the request object as always being secure, for when it's behind
- a HTTPS reverse proxy.
- """
-
- def __init__(self, get_response):
- self.get_response = get_response
-
- def __call__(self, request):
- request.__class__.scheme = "https"
- response = self.get_response(request)
- return response
-
-
class ConfigLoadingMiddleware:
"""
Caches the system config every request
diff --git a/takahe/settings/development.py b/takahe/settings/development.py
index d71a406..06e5278 100644
--- a/takahe/settings/development.py
+++ b/takahe/settings/development.py
@@ -5,9 +5,6 @@ from .base import * # noqa
# Load secret key from environment with a fallback
SECRET_KEY = os.environ.get("TAKAHE_SECRET_KEY", "insecure_secret")
-# Disable the CRSF origin protection
-MIDDLEWARE.insert(0, "core.middleware.AlwaysSecureMiddleware")
-
# Ensure debug features are on
DEBUG = True
@@ -16,6 +13,7 @@ CSRF_TRUSTED_ORIGINS = [
"http://127.0.0.1:8000",
"https://127.0.0.1:8000",
]
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
SERVER_EMAIL = "test@example.com"