On Thu, Aug 28, 2014 at 8:44 AM, Tim Graham <[email protected]> wrote:
> I've implemented the ability to register "deployment checks" by adding
> deploy=True to register: @register("tag_name", deploy=True). These checks
> are only run if you pass the --deploy flag to check. So in development you
> can run `manage.py check --deploy --settings=settings_prod` to check your
> production settings file. Running these checks automatically if DEBUG is
> False would likely give them better visibility, but I don't see an easy way
> of disabling them when testing if we did that.
>
> Regarding settings, would it be preferable to move them into a single
> dictionary setting called something like SECURITY_MIDDLEWARE_CONFIG?
>
Yes. It is much nicer having a collection of related settings in a dict.
>
> On Thursday, August 28, 2014 6:27:40 AM UTC-4, Tim Graham wrote:
>>
>> The settings for the SecurityMiddleware as they appear in django-secure
>> are:
>>
>> SECURE_HSTS_SECONDS=0
>> SECURE_HSTS_INCLUDE_SUBDOMAINS=False
>> SECURE_CONTENT_TYPE_NOSNIFF=False
>> SECURE_BROWSER_XSS_FILTER=False
>> SECURE_SSL_REDIRECT=False
>> SECURE_SSL_HOST=None
>> SECURE_REDIRECT_EXEMPT=[]
>>
>> Yo-Yo, would be helpful to say *why* you are -1 so we can take that into
>> consideration.
>>
>
-1 on having to subclass a middleware to define its settings. Doing that
seems like the wrong approach and prevents having settings consolidated in
a single place. This would make it more difficult to have different
settings for different environments. This would likely result in a snippet
that subclasses the middleware to look in settings.
>
>> On Thursday, August 28, 2014 2:45:07 AM UTC-4, Yo-Yo Ma wrote:
>>>
>>> +1 on basically adding the functionality of checksecure to the default
>>> validation.
>>>
>>> -1 to adding the middleware.
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/5069271f-8a21-4fdd-921f-ee2baa11b45b%40googlegroups.com
> <https://groups.google.com/d/msgid/django-developers/5069271f-8a21-4fdd-921f-ee2baa11b45b%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/CAGdCwBtC-eBxk0D1Wka5FKjaNg9_dxpWwsb6m84Er3Q%3D%2BfsdAw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
