From 3a6bc8c0f7941f78a49da6e94ae8d0f06100e42c Mon Sep 17 00:00:00 2001
From: Jacques ROUSSEL
Date: Mon, 30 Sep 2024 09:29:35 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(backend)=20fix=20configuration=20t?=
 =?UTF-8?q?o=20avoid=20different=20ssl=20warning?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fix following warning messages :
- You have not set a value for the SECURE_HSTS_SECONDS setting.
- Your SECURE_SSL_REDIRECT setting is not set to True.
---
 CHANGELOG.md | 2 ++
 src/backend/impress/settings.py | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 53dcc7c2..b1961069 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,8 @@ and this project adheres to
 - 🐛(backend) gitlab oicd userinfo endpoint #232
 - 🛂(frontend) redirect to the OIDC when private doc and unauthentified #292
 - ♻️(backend) getting list of document versions available for a user #258
+- 🔧(backend) fix configuration to avoid different ssl warning #297
+
 ## [1.4.0] - 2024-09-17

diff --git a/src/backend/impress/settings.py b/src/backend/impress/settings.py
index 5c1058b3..5f1137e0 100755
--- a/src/backend/impress/settings.py
+++ b/src/backend/impress/settings.py
@@ -546,6 +546,14 @@ class Production(Base):
 # In other cases, you should comment the following line to avoid security issues.
 # SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+SECURE_HSTS_SECONDS = 60
+SECURE_HSTS_PRELOAD = True
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_SSL_REDIRECT = True
+SECURE_REDIRECT_EXEMPT = [
+"^__lbheartbeat__",
+"^__heartbeat__",
+]
 # Modern browsers require to have the `secure` attribute on cookies with `Samesite=none`
 CSRF_COOKIE_SECURE = True
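Review bot: In the settings.py hunk, `SECURE_HSTS_PRELOAD = True` is combined with `SECURE_HSTS_SECONDS = 60`, which is inconsistent: the preload directive is only accepted by the browser preload list with a max-age of at least one year (31536000) plus includeSubDomains, so at 60 seconds the header advertises preloading without qualifying for it, and once the value is raised and the domain is submitted, preloading is effectively irreversible. Since the stated goal is silencing the deploy-check warnings rather than enrolling in the preload list, a safer starting point is `SECURE_HSTS_PRELOAD = False  # opt in only once max-age is one year and every subdomain serves HTTPS` together with `SECURE_HSTS_SECONDS = 60  # raise to 31536000 after confirming HTTPS works everywhere`. `SECURE_HSTS_INCLUDE_SUBDOMAINS = True` also deserves a one-line comment that every subdomain of the deployed host must be reachable over HTTPS, because browsers that have cached the header will refuse plain-HTTP subdomains for its lifetime. The `SECURE_SSL_REDIRECT` / `SECURE_REDIRECT_EXEMPT` part looks right, since Django matches these patterns against the request path with its leading slash stripped. The enclosing `Production` class starts and ends outside the hunk.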