author | Andrew Godwin | 2022-11-20 13:58:54 -0700 |
---|---|---|
committer | Andrew Godwin | 2022-11-20 13:58:54 -0700 |
commit | 70d01bf1b4f44c48fa8af524ff7d73b485d62dc2 (patch) | |
tree | ae6d84eae6bcab755b900929f7fe5f2c206a2005 | |
parent | b4166f78bbb3e2d8a2572a80920a689730ed7d5c (diff) | |
Fixed #23: Replace https hack with header setting
-rw-r--r-- | core/middleware.py | 15 | ||||
-rw-r--r-- | takahe/settings/development.py | 4 |
2 files changed, 1 insertions, 18 deletions
diff --git a/core/middleware.py b/core/middleware.py
index fdb08a8..fca5dd8 100644
--- a/core/middleware.py
+++ b/core/middleware.py
@@ -1,21 +1,6 @@
 from core.models import Config
-class AlwaysSecureMiddleware:
- """
- Locks the request object as always being secure, for when it's behind
- a HTTPS reverse proxy.
- """
-
- def __init__(self, get_response):
- self.get_response = get_response
-
- def __call__(self, request):
- request.__class__.scheme = "https"
- response = self.get_response(request)
- return response
-
-
 class ConfigLoadingMiddleware:
 """
 Caches the system config every request
diff --git a/takahe/settings/development.py b/takahe/settings/development.py
index d71a406..06e5278 100644
--- a/takahe/settings/development.py
+++ b/takahe/settings/development.py
@@ -5,9 +5,6 @@ from .base import * # noqa
 # Load secret key from environment with a fallback
 SECRET_KEY = os.environ.get("TAKAHE_SECRET_KEY", "insecure_secret")
-# Disable the CRSF origin protection
-MIDDLEWARE.insert(0, "core.middleware.AlwaysSecureMiddleware")
-
 # Ensure debug features are on
 DEBUG = True
@@ -16,6 +13,7 @@ CSRF_TRUSTED_ORIGINS = [
 "http://127.0.0.1:8000",
 "https://127.0.0.1:8000",
 ]
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
 SERVER_EMAIL = "test@example.com" |
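Review bot: The added `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")` in takahe/settings/development.py carries no comment on when it is safe, and nothing in the hunk shows that a proxy in front of this configuration overwrites or strips a client-supplied `X-Forwarded-Proto`. Django's documentation warns that without that guarantee any client can send the header itself and have `request.is_secure()` report HTTPS for a plain-HTTP request, which the CSRF origin and referer checks rely on. I would put a comment directly above the setting, such as `# Only valid behind a reverse proxy that sets X-Forwarded-Proto itself and discards any client-sent copy`, so the assumption is visible to anyone copying this file into another deployment. The rest of the settings module lies outside the hunk, so whether a production settings file repeats this line cannot be checked from here.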