From ae7882de8325c9cdd5a5d83fed2f68e0235d35fa Mon Sep 17 00:00:00 2001 From: Hanne Moa Date: Mon, 26 Feb 2024 14:38:02 +0100 Subject: [PATCH] Rename "tls" config-flag to "needs_tls" --- python/nav/django/settings.py | 6 +++--- python/nav/etc/webfront/webfront.conf | 5 ++++- python/nav/web/security.py | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/python/nav/django/settings.py b/python/nav/django/settings.py index 4d7c6ea68c..22edd4d403 100644 --- a/python/nav/django/settings.py +++ b/python/nav/django/settings.py @@ -259,13 +259,13 @@ # * https://docs.djangoproject.com/en/3.2/ref/clickjacking/ # Example conf: # [security] -# ssl = on +# needs_ssl = yes SECURE_BROWSER_XSS_FILTER = True # Does no harm _websecurity_config = WebSecurityConfigParser() -_tls_enabled = bool(_websecurity_config.getboolean('security', 'tls')) -SESSION_COOKIE_SECURE = _tls_enabled +_needs_tls = bool(_websecurity_config.getboolean('security', 'needs_tls')) +SESSION_COOKIE_SECURE = _needs_tls # Hack for hackers to use features like debug_toolbar etc. # https://code.djangoproject.com/wiki/SplitSettings (Rob Golding's method) diff --git a/python/nav/etc/webfront/webfront.conf b/python/nav/etc/webfront/webfront.conf index 05ca2a3c2a..ab104db44f 100644 --- a/python/nav/etc/webfront/webfront.conf +++ b/python/nav/etc/webfront/webfront.conf @@ -132,4 +132,7 @@ enabled = no #post-logout-redirect-url=/magic/logout?nexthop=/ [security] -# tls = off +# Whether NAV must be run under TLS or not. Toggling this to `yes` toggles web +# security features that are only available with TLS/SSL enabled. In +# development mode this defaults to `no`. +# needs_tls = no diff --git a/python/nav/web/security.py b/python/nav/web/security.py index 815d2f162d..cb3d64cce4 100644 --- a/python/nav/web/security.py +++ b/python/nav/web/security.py @@ -7,5 +7,5 @@ class WebSecurityConfigParser(NAVConfigParser): DEFAULT_CONFIG_FILES = [str(Path('webfront') / 'webfront.conf')] DEFAULT_CONFIG = u""" [security] -tls=off +needs_tls=no """