add SECURE_PROXY_SSL_HEADER env arg option

jcgoette 2021-08-20 22:23:59 -04:00 committed by Christopher Charbonneau Wells
parent f48141e2bb
commit 81fad7d30e
2 changed files with 17 additions and 0 deletions

@ -255,6 +255,7 @@ take precedence over the contents of an `.env` file.**
- [`DB_PORT`](#db_port)
- [`DB_USER`](#db_user)
- [`SECRET_KEY`](#secret_key)
- [`SECURE_PROXY_SSL_HEADER`](#secure_proxy_ssl_header)
- [`TIME_ZONE`](#time_zone)
- [`USE_24_HOUR_TIME_FORMAT`](#use_24_hour_time_format)
@ -372,6 +373,16 @@ be deployed and run.
See also [Django's documentation on the SECRET_KEY setting](https://docs.djangoproject.com/en/3.0/ref/settings/#secret-key).
### `SECURE_PROXY_SSL_HEADER`
*Default: None*
If Baby Buddy is behind a proxy, you may need to set this to True. This tells Baby Buddy to trust the X-Forwarded-Proto header that comes from your proxy, and any time its value is 'https', then the request is guaranteed to be secure (i.e., it originally came in via HTTPS).
:warning: Modifying this setting can compromise Baby Buddys security. Ensure you fully understand your setup before changing it.
See also [Django's documentation on the SECURE_PROXY_SSL_HEADER setting](https://docs.djangoproject.com/en/3.0/ref/settings/#secure-proxy-ssl-header).
### `TIME_ZONE`
*Default: UTC*
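
Review bot: The new `SECURE_PROXY_SSL_HEADER` paragraph says a request is "guaranteed to be secure" when X-Forwarded-Proto is 'https', but that only holds if the proxy strips or overwrites any X-Forwarded-Proto header sent by the client and sets it itself only for requests that arrived over HTTPS. Please state that precondition next to the warning, since the linked Django documentation lists it as a requirement for enabling the setting. Smaller points in the same section: "Baby Buddys security" is missing its apostrophe, and the link targets the Django 3.0 docs while the comment in the settings hunk links to 3.2.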

@ -290,3 +290,9 @@ BABY_BUDDY = {
'NAP_START_MAX': os.environ.get('NAP_START_MAX') or '18:00',
'ALLOW_UPLOADS': os.environ.get('ALLOW_UPLOADS') or True
}
# Set SECURE_PROXY_SSL_HEADER
# See https://docs.djangoproject.com/en/3.2/ref/settings/#secure-proxy-ssl-header for why and when to set this
if os.environ.get('SECURE_PROXY_SSL_HEADER'):
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
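
Review bot: The check `if os.environ.get('SECURE_PROXY_SSL_HEADER'):` is true for any non-empty string, so `SECURE_PROXY_SSL_HEADER=False` or `=0` in the environment still enables trust in X-Forwarded-Proto, which contradicts the README text telling users to "set this to True". Compare the value explicitly against the accepted true strings (for example a case-insensitive match on "true") so that only a deliberate value switches this on. The header name and expected value are also fixed to `('HTTP_X_FORWARDED_PROTO', 'https')`, so the variable acts as an on/off flag rather than carrying the Django tuple its name suggests; the README should say so.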