This repository has been archived by the owner on Dec 9, 2021. It is now read-only.

22: Enable SSL redirect and other security settings #203

Merged
39 changes: 39 additions & 0 deletions developerportal/apps/bakery/views.py
@@ -0,0 +1,39 @@
import logging

from django.conf import settings
from django.test.client import RequestFactory

from wagtailbakery.views import AllPublishedPagesView

logger = logging.getLogger(__name__)


class AllPublishedPagesViewAllowingSecureRedirect(AllPublishedPagesView):
"""Extension of `AllPublishedPagesView` that detects application-level SSL
redirection in order to avoid an issue where rendered pages end up being 0 bytes

See https://github.com/wagtail/wagtail-bakery/issues/24 for confirmation of the
issue and the discussion on https://github.com/wagtail/wagtail-bakery/pull/25
that points to a custom view being the (current) workaround. Ideally we'll be
able to replace this when that issue is resolved.

The following code is taken from that closed PR, which adds the `secure_request`
variable.
"""

def build_object(self, obj):
"""
Build wagtail page and set SERVER_NAME to retrieve corresponding site
object.
"""
site = obj.get_site()
logger.debug("Building %s" % obj)
secure_request = site.port == 443 or getattr(
settings, "SECURE_SSL_REDIRECT", False
)
self.request = RequestFactory(SERVER_NAME=site.hostname).get(
self.get_url(obj), secure=secure_request
Contributor Author


`secure=secure_request` and the creation of the `secure_request` variable itself were the two things added in wagtail-nest/wagtail-bakery#25 -- the rest of the method is unchanged

)
self.set_kwargs(obj)
path = self.get_build_path(obj)
self.build_file(path, self.get_content(obj))
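Review bot: `build_object` passes whatever `get_content` returns straight to `build_file`, so a redirect from any other cause would still be written out as a 0-byte page with no signal; the `secure` flag removes the SSL-redirect cause but not the silent failure mode. `get_content` is inherited and not visible here, so this is inferred from the docstring's description of the upstream issue. Consider binding the result first and logging when it is empty, e.g. `content = self.get_content(obj)` followed by `if not content: logger.warning("Empty render for %s", obj)`, so a regression shows up in the build log rather than on the published site.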
14 changes: 13 additions & 1 deletion developerportal/settings/base.py
Expand Up @@ -188,6 +188,16 @@
MEDIA_URL = "/media/"


# Django security settings (see `manage.py check --deploy`)

CSRF_COOKIE_SECURE = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
X_FRAME_OPTIONS = "DENY"

# Wagtail settings

WAGTAIL_SITE_NAME = "Mozilla Developers"
Expand Down Expand Up @@ -215,7 +225,9 @@
# Wagtail Bakery Settings
BUILD_DIR = os.path.join(BASE_DIR, "build")
BAKERY_MULTISITE = True
BAKERY_VIEWS = ("wagtailbakery.views.AllPublishedPagesView",)
BAKERY_VIEWS = (
"developerportal.apps.bakery.views.AllPublishedPagesViewAllowingSecureRedirect",
)
AWS_REGION = os.environ.get("AWS_REGION")
AWS_BUCKET_NAME = os.environ.get("AWS_BUCKET_NAME")

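Review bot: `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")` makes Django trust `X-Forwarded-Proto` on every request, which is only safe when the fronting proxy or load balancer always sets or strips that header itself. If a request can reach the app with a client-supplied value, `request.is_secure()` reports true for plain HTTP and `SECURE_SSL_REDIRECT` is skipped for it. The deployment topology is not visible in this diff, so I would record the assumption next to the setting, e.g. `# Safe only behind a proxy that overwrites X-Forwarded-Proto on every request`. In the visible lines no `SECURE_HSTS_SECONDS` is set either, which `manage.py check --deploy` reports separately.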
1 change: 1 addition & 0 deletions developerportal/settings/dev.py
Expand Up @@ -8,6 +8,7 @@

EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"

SECURE_SSL_REDIRECT = False

try:
from .local import *
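Review bot: Only the redirect is turned off for dev here; `CSRF_COOKIE_SECURE` and `SESSION_COOKIE_SECURE` stay `True` from base.py, and browsers do not send `Secure` cookies over plain HTTP (some exempt localhost). If dev is served over HTTP on a non-localhost host, admin login and CSRF-protected forms may fail. Unless `.local` already overrides them, consider adding `SESSION_COOKIE_SECURE = False` and `CSRF_COOKIE_SECURE = False` next to `SECURE_SSL_REDIRECT = False`, in this dev-only file. The `try:` block continues outside the hunk.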