1. 04 Sep, 2016 3 commits
  2. 22 Feb, 2016 2 commits
  3. 21 Feb, 2016 4 commits
    • Vladimir Mencl's avatar
      PIP: add requirements-optional.txt · b8e69eb7
      Vladimir Mencl authored
      As per discussion in #10:
      * Make PyYAML import floating in 3.x (without pinning to 3.0.10)
      * Move Mako import to new file requirements-optional.txt
      * Update docs/installation/requirements.md to refer to requirements-optional.txt
    • Vladimir Mencl's avatar
      Templates: servers_edit: add missing </div> · 6bd36aca
      Vladimir Mencl authored
      A missing </div> was at times causing the footer to go out of place and cover
      the form contents.
    • Vladimir Mencl's avatar
    • Vladimir Mencl's avatar
      South migrations: improve #4 PostgreSQL workaround · 28f60f62
      Vladimir Mencl authored
      The original fix to the PostgreSQL issue with south migration 0022 did correctly change the field type, but did not add the Foreign Key constraint.
      Improve the workaround 9a2924d5 by also adding the foreign key constraint.
      For databases created with the original workaround, the foreign key constraint can be added manually with:
          ALTER TABLE edumanage_instrealmmon ADD CONSTRAINT "edumanage_i_realm_id_24cc89d4be4145e5_fk_edumanage_instrealm_id" FOREIGN KEY (realm_id) REFERENCES edumanage_instrealm(id) DEFERRABLE INITIALLY DEFERRED;
      Note that not having the constraint in does not directly break anything, but
      could lead to corrupt databases and the database structure is reported
      differently with:
          ./manage.py inspectdb
  4. 18 Feb, 2016 6 commits
    • Zenon Mousmoulas's avatar
      Update credits · 66639157
      Zenon Mousmoulas authored
    • Zenon Mousmoulas's avatar
      Merge pull request #8 from REANNZ/fix-secure · cf60b177
      Zenon Mousmoulas authored
      Two minor security fixes: construct secure URLs (for uwsgi, with examples) and
      mark cookies as secure
    • Vladimir Mencl's avatar
      Revise secure URL settings (cont.) · 6d829672
      Vladimir Mencl authored
      Actually remove the X-Forwarded-SSL header from the Apache mod_wsgi snippet.
    • Vladimir Mencl's avatar
      Revise secure URL settings · 262e5434
      Vladimir Mencl authored
      As per discussion in in #8 (primary mode of deployment is with mod_wsgi):
      * Comment out the header setting at Django side and also move it from
        settings.py to local_settings.py (because it's now a customizable item).
      * Change the header name to ````X-Forwarded-Protocol: https````
      * Change the Apache recommendation to use the header name and take it out of
        the mod_uwsgi snippet - and instead add a new section describing
        mod_proxy_http as an option.
    • Vladimir Mencl's avatar
      Use secure session cookies · e4868581
      Vladimir Mencl authored
      Django would be default use insecure cookies - that would be sent by the
      browser also over plain http.  And administrative work requiring authenticated
      sessions should be done over https - and therefore, the cookie should be marked
      as secure.
      This can be achived by setting:
          settings.SESSION_COOKIE_SECURE = True
      As this is an essential security setting that shouldn't need additional tweaks,
      adding the setting to settings.py (and not local_settings.py).
    • Vladimir Mencl's avatar
      Use secure URLs when already using SSL · 2c10a316
      Vladimir Mencl authored
      Django constructs redirect URLs as https only if request.is_secure() is true.
      And that evaluates to true if either uwsgi sets wsgi.url_scheme to https, or
      if the request header contains a key + value configured as a tuple in
      As some parts might be accessed over plain http and some over https (if Apache
      exposes both ports), the easiest is to:
      * Use the conventional header:
              X-Forwarded-SSL: on
      * Set this header from Apache SSL VirtualHost
      * Configure Django to check for this header with:
              SECURE_PROXY_SSL_HEADER = ('X-Forwarded-SSL', 'on')
      As this is an essential security setting that shouldn't need additional tweaks,
      adding the setting to settings.py (and not local_settings.py).
      Without this fix, the login form at /admin/ would upon successful login
      redirect to plain http, even when accessed over https.
  5. 17 Feb, 2016 5 commits
  6. 14 Feb, 2016 1 commit
  7. 02 Dec, 2015 2 commits
  8. 23 Nov, 2015 4 commits
  9. 21 Nov, 2015 4 commits
  10. 20 Nov, 2015 4 commits
  11. 19 Nov, 2015 2 commits
  12. 18 Nov, 2015 3 commits