I've started tackling one of the ideas that's been on our GSoC ideas page for a couple years now: integrating django-secure. I chatted with Carl about the idea and he's onboard. There are a couple of design decisions we'll need to make.

1. How to integrate django-secure with the checks framework

django-secure essentially implements its own checks framework (which predates the one in Django). The tricky part is that django-secure's checks are not ones that generally should pass on a development instance; they're checks that only make sense to run on a production server (or at least against a production settings file). I'm thinking to have some way to skip these new checks by default and run them only when requested (e.g. manage.py check secure --settings=prod_settings). Other options include an entirely separate command like django-secure implements (currently called checksecure), but perhaps could be called checkdeploy and eventually extended with other checks that are relevant only in production. Ideas/insight from those more familiar with the checks framework (Chris, Russ) would be welcome.

2. How to add settings for django-secure

As discussed in the thread below, I'm going to explore developing an API for storing settings on an AppConfig to avoid adding more global settings.

https://groups.google.com/d/topic/django-developers/qnnCLppwA3o/discussion

I have imported django-secure into django.contrib.secure and started work on integrating it with the built-in checks framework as well as removing some bits of it that have since been added to Django (frame-deny, SSL-proxy support).

Work in progress: https://github.com/django/django/pull/3128

Thanks for your feedback!
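The first design option in the message above (production-only checks that are skipped by default and run only on request), sketched as an added example that is not part of the original post and is neither Django's nor django-secure's code. The registry, the `deploy` flag, the `run_checks` helper, the choice of settings checked and the sample settings objects are all assumptions made for illustration.

```python
from types import SimpleNamespace

# Hypothetical miniature registry; it is not Django's checks framework.
_REGISTRY = []

def register(*, deploy=False):
    """Register a check; deploy=True marks it as production-only."""
    def decorator(func):
        _REGISTRY.append((func, deploy))
        return func
    return decorator

@register()
def check_secret_key(settings):
    # Meaningful on every instance, so it always runs.
    return [] if getattr(settings, "SECRET_KEY", "") else ["SECRET_KEY is empty"]

@register(deploy=True)
def check_ssl_redirect(settings):
    # Expected to fail on a development instance served over plain HTTP.
    if not getattr(settings, "SECURE_SSL_REDIRECT", False):
        return ["SECURE_SSL_REDIRECT is not True"]
    return []

@register(deploy=True)
def check_hsts(settings):
    # A missing or zero value means no HSTS header is sent.
    if not getattr(settings, "SECURE_HSTS_SECONDS", 0):
        return ["SECURE_HSTS_SECONDS is not set"]
    return []

@register(deploy=True)
def check_session_cookie(settings):
    if not getattr(settings, "SESSION_COOKIE_SECURE", False):
        return ["SESSION_COOKIE_SECURE is not True"]
    return []

def run_checks(settings, include_deploy=False):
    """Run the default checks; add production-only ones only on request."""
    messages = []
    for func, deploy in _REGISTRY:
        if deploy and not include_deploy:
            continue  # skipped by default so development runs stay quiet
        messages.extend(func(settings))
    return messages

# Constructed sample settings objects (not from any real project).
DEV = SimpleNamespace(SECRET_KEY="dev-only", DEBUG=True)
PROD = SimpleNamespace(SECRET_KEY="constructed-value", SECURE_SSL_REDIRECT=True,
                       SECURE_HSTS_SECONDS=0, SESSION_COOKIE_SECURE=True)
```
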
