Commit 389697e2816efcb2d862d22394d1c30a25c297ab

Authored by Andrew Buss
1 parent 067b98230b
Exists in master

Embiggened security settings. Pay attention to X-Forwarded-Proto

Showing 2 changed files with 3 additions and 0 deletions

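--- a/flashy/settings.py
+++ b/flashy/settings.py
@@ -97,6 +97,7 @@
 if IN_PRODUCTION:
 SESSION_COOKIE_SECURE = True
 CSRF_COOKIE_SECURE = True
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 # are we secure yet?
 
 SECRET_KEY = os.environ.get('SECRET_KEY', 'LOL DEFAULT SECRET KEY')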
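Review bot: `SECURE_PROXY_SSL_HEADER` makes Django treat any request carrying `X-Forwarded-Proto: https` as secure, so the new line is only safe while every route to the app passes through a proxy that overwrites that header. The nginx change in this commit does that for the locations it touches, but nothing in settings.py records the dependency; I would add a comment above the setting, e.g. `# Safe only because nginx (nginxconf/flashy.cards) overwrites X-Forwarded-Proto; the app server must not be reachable directly`. Separately, the context line below still falls back to a literal `SECRET_KEY` when the environment variable is unset; under `IN_PRODUCTION` a missing key should arguably raise at startup rather than run with a known value.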
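--- a/nginxconf/flashy.cards
+++ b/nginxconf/flashy.cards
@@ -26,6 +26,7 @@
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
 }
 
 location ^~ /jenkins {
@@ -34,6 +35,7 @@
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
 proxy_read_timeout 90;
 }
 ssl_certificate /etc/nginx/ssl/bundle.crt;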
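Review bot: `X-Forwarded-Proto` is overwritten only inside the two location blocks these hunks touch, and nginx inherits `proxy_set_header` from the server level only when a location defines none of its own. Any other proxied location that reaches the Django app with its own `proxy_set_header` lines would therefore pass a client-supplied value straight through, and settings.py now trusts that value. No other locations are visible here (the first block opens outside the hunk), so this needs checking against the full file. If the header set is meant to be uniform, declaring the four shared `proxy_set_header` lines once at server level and dropping the per-location copies would remove the risk of a location being missed. A short comment such as `# Django trusts this header via SECURE_PROXY_SSL_HEADER; always overwrite it` next to the new line would keep it from being removed later.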