1diff --git a/impress/settings.py b/impress/settings.py
2index 9d825095..518aca7f 100755
3--- a/impress/settings.py
4+++ b/impress/settings.py
5@@ -822,19 +822,24 @@ class Production(Base):
6 #
7 # In other cases, you should comment the following line to avoid security issues.
8 # SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
9- SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
10- SECURE_HSTS_SECONDS = 60
11- SECURE_HSTS_PRELOAD = True
12- SECURE_HSTS_INCLUDE_SUBDOMAINS = True
13- SECURE_SSL_REDIRECT = True
14+ SECURE_PROXY_SSL_HEADER = values.TupleValue(("HTTP_X_FORWARDED_PROTO", "https"),
15+ environ_name="SECURE_PROXY_SSL_HEADER")
16+ SECURE_HSTS_SECONDS = values.IntegerValue(
17+ 60, environ_name="SECURE_HSTS_SECONDS")
18+ SECURE_HSTS_PRELOAD = values.BooleanValue(
19+ True, environ_name="SECURE_HSTS_PRELOAD")
20+ SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(
21+ True, environ_name="SECURE_HSTS_INCLUDE_SUBDOMAINS")
22+ SECURE_SSL_REDIRECT = values.BooleanValue(
23+ True, environ_name="SECURE_SSL_REDIRECT")
24 SECURE_REDIRECT_EXEMPT = [
25 "^__lbheartbeat__",
26 "^__heartbeat__",
27 ]
28
29 # Modern browsers require to have the `secure` attribute on cookies with `Samesite=none`
30- CSRF_COOKIE_SECURE = True
31- SESSION_COOKIE_SECURE = True
32+ CSRF_COOKIE_SECURE = values.BooleanValue(True, environ_name="CSRF_COOKIE_SECURE")
33+ SESSION_COOKIE_SECURE = values.BooleanValue(True, environ_name="SESSION_COOKIE_SECURE")
34
35 # Privacy
36 SECURE_REFERRER_POLICY = "same-origin"
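Review bot: The five transport settings and the two cookie flags in `Production` can now be turned off from the environment, but nothing on the new lines tells an operator which variable is read or that overriding it weakens HTTPS enforcement. If `values` is django-configurations, as the API suggests, the default `DJANGO_` prefix still applies, so the variable is `DJANGO_SECURE_SSL_REDIRECT` rather than `SECURE_SSL_REDIRECT` and the explicit `environ_name=` arguments only repeat the default; I believe `BooleanValue` also reads an empty string as false, so an empty variable would silently drop the redirect or the `Secure` cookie attribute. I would add a comment above the block such as `# Overridable via DJANGO_<NAME>; keep the defaults in production, disabling any of these weakens HTTPS enforcement.` The retained comment still says to comment out `SECURE_PROXY_SSL_HEADER` when no trusted proxy sets the header, and an override that must be a two-item tuple does not obviously express that "disabled" case, so it should be documented or handled explicitly. The `Production` class body starts and ends outside the hunk.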