Skip to content

Commit

Permalink
Rename "tls" config-flag to "needs_tls"
Browse files Browse the repository at this point in the history
  • Loading branch information
hmpf committed Feb 28, 2024
1 parent e768d73 commit ae7882d
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 5 deletions.
6 changes: 3 additions & 3 deletions python/nav/django/settings.py
Original file line number Diff line number Diff line change
Expand Up @@ -259,13 +259,13 @@
# * https://docs.djangoproject.com/en/3.2/ref/clickjacking/
# Example conf:
# [security]
# ssl = on
# needs_ssl = yes

SECURE_BROWSER_XSS_FILTER = True # Does no harm

_websecurity_config = WebSecurityConfigParser()
_tls_enabled = bool(_websecurity_config.getboolean('security', 'tls'))
SESSION_COOKIE_SECURE = _tls_enabled
_needs_tls = bool(_websecurity_config.getboolean('security', 'needs_tls'))
SESSION_COOKIE_SECURE = _needs_tls

# Hack for hackers to use features like debug_toolbar etc.
# https://code.djangoproject.com/wiki/SplitSettings (Rob Golding's method)
Expand Down
5 changes: 4 additions & 1 deletion python/nav/etc/webfront/webfront.conf
Original file line number Diff line number Diff line change
Expand Up @@ -132,4 +132,7 @@ enabled = no
#post-logout-redirect-url=/magic/logout?nexthop=/

[security]
# tls = off
# Whether NAV must be run under TLS or not. Toggling this to `yes` toggles web
# security features that are only available with TLS/SSL enabled. In
# development mode this defaults to `no`.
# needs_tls = no
2 changes: 1 addition & 1 deletion python/nav/web/security.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,5 @@ class WebSecurityConfigParser(NAVConfigParser):
DEFAULT_CONFIG_FILES = [str(Path('webfront') / 'webfront.conf')]
DEFAULT_CONFIG = u"""
[security]
tls=off
needs_tls=no
"""

0 comments on commit ae7882d

Please sign in to comment.