Create new config section for web security settings
hmpf committed Feb 21, 2024
1 parent d96a876 commit e9b9f29
Showing 2 changed files with 26 additions and 0 deletions.
15 changes: 15 additions & 0 deletions python/nav/django/settings.py
@@ -29,6 +29,7 @@
from nav.db import get_connection_parameters
import nav.buildconf
from nav.jwtconf import JWTConf
from nav.web.security import WebSecurityConfigParser

ALLOWED_HOSTS = ['*']

@@ -254,6 +255,20 @@
'nav.web.info.searchproviders.UnrecognizedNeighborSearchProvider',
]

# Web security options supported by Django
# * https://docs.djangoproject.com/en/3.2/ref/middleware/#module-django.middleware.security
# * https://docs.djangoproject.com/en/3.2/topics/http/sessions/
# * https://docs.djangoproject.com/en/3.2/ref/clickjacking/
# Example conf:
# [security]
# ssl = on

SECURE_BROWSER_XSS_FILTER = True # Does no harm

_websecurity_config = WebSecurityConfigParser()
_tls_enabled = bool(_websecurity_config.getboolean('tls', False))
SESSION_COOKIE_SECURE = _tls_enabled

# Hack for hackers to use features like debug_toolbar etc.
# https://code.djangoproject.com/wiki/SplitSettings (Rob Golding's method)
if _config_dir:
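Review bot: The call `_websecurity_config.getboolean('tls', False)` in the second hunk passes `'tls'` in the position where the standard `configparser` signature `getboolean(section, option, ...)` expects the section name. Unless `NAVConfigParser` overrides that method (its definition is not visible here), this looks for an option `False` in a section called `tls` instead of reading `[security] tls`, and would most likely raise at settings import. I would write `_tls_enabled = _websecurity_config.getboolean('security', 'tls')`, which also lets the parser's own `tls=on` default decide the value rather than a literal `False` that would leave `SESSION_COOKIE_SECURE` off whenever the option is missing. The example in the comment block says `ssl = on` while the option being read is `tls`; the two should use the same name so operators set the key that is actually consulted.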
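--- a/python/nav/web/security.py
+++ b/python/nav/web/security.py
@@ -0,0 +1,11 @@
+from pathlib import Path
+
+from nav.config import NAVConfigParser
+
+
+class WebSecurityConfigParser(NAVConfigParser):
+DEFAULT_CONFIG_FILES = [str(Path('webfront') / 'webfront.conf')]
+DEFAULT_CONFIG = u"""
+[security]
+tls=on
+"""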
