- 21 Feb, 2016 1 commit
-
-
Vladimir Mencl authored
The original fix to the PostgreSQL issue with south migration 0022 did correctly change the field type, but did not add the Foreign Key constraint. Improve the workaround 9a2924d5 by also adding the foreign key constraint. For databases created with the original workaround, the foreign key constraint can be added manually with: ALTER TABLE edumanage_instrealmmon ADD CONSTRAINT "edumanage_i_realm_id_24cc89d4be4145e5_fk_edumanage_instrealm_id" FOREIGN KEY (realm_id) REFERENCES edumanage_instrealm(id) DEFERRABLE INITIALLY DEFERRED; Note that not having the constraint in does not directly break anything, but could lead to corrupt databases and the database structure is reported differently with: ./manage.py inspectdb
-
- 18 Feb, 2016 6 commits
-
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
Two minor security fixes: construct secure URLs (for uwsgi, with examples) and mark cookies as secure
-
Vladimir Mencl authored
Actually remove the X-Forwarded-SSL header from the Apache mod_wsgi snippet.
-
Vladimir Mencl authored
As per discussion in in #8 (primary mode of deployment is with mod_wsgi): * Comment out the header setting at Django side and also move it from settings.py to local_settings.py (because it's now a customizable item). * Change the header name to ````X-Forwarded-Protocol: https```` * Change the Apache recommendation to use the header name and take it out of the mod_uwsgi snippet - and instead add a new section describing mod_proxy_http as an option.
-
Vladimir Mencl authored
Django would be default use insecure cookies - that would be sent by the browser also over plain http. And administrative work requiring authenticated sessions should be done over https - and therefore, the cookie should be marked as secure. This can be achived by setting: settings.SESSION_COOKIE_SECURE = True As this is an essential security setting that shouldn't need additional tweaks, adding the setting to settings.py (and not local_settings.py).
-
Vladimir Mencl authored
Django constructs redirect URLs as https only if request.is_secure() is true. And that evaluates to true if either uwsgi sets wsgi.url_scheme to https, or if the request header contains a key + value configured as a tuple in settings.SECURE_PROXY_SSL_HEADER As some parts might be accessed over plain http and some over https (if Apache exposes both ports), the easiest is to: * Use the conventional header: X-Forwarded-SSL: on * Set this header from Apache SSL VirtualHost * Configure Django to check for this header with: SECURE_PROXY_SSL_HEADER = ('X-Forwarded-SSL', 'on') As this is an essential security setting that shouldn't need additional tweaks, adding the setting to settings.py (and not local_settings.py). Without this fix, the login form at /admin/ would upon successful login redirect to plain http, even when accessed over https.
-
- 17 Feb, 2016 5 commits
-
-
Zenon Mousmoulas authored
Allow AltLogin to redirect to target URLs First step in the direction of allowing local login as a login method (besides SSO).
-
Zenon Mousmoulas authored
Fixes a logical issue that could be caused by editing InstServer properties
-
Vladimir Mencl authored
When a "next" parameter exists in the context, reuse it for the redirect (instead of forcing redirect to /overview)
-
https://github.com/grnet/djnroKroustouris Stauros authored
Conflicts: djnro/templates/partial/footer.html edumanage/templatetags/template_maybe.py
-
https://github.com/grnet/djnroKroustouris Stauros authored
Conflicts: djnro/templates/partial/footer.html edumanage/templatetags/include_maybe.py
-
- 14 Feb, 2016 1 commit
-
-
Zenon Mousmoulas authored
-
- 02 Dec, 2015 2 commits
-
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
institutions" use case.
-
- 23 Nov, 2015 4 commits
-
-
Sergios Aftsidis authored
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
-
Kroustouris Stauros authored
-
- 21 Nov, 2015 4 commits
-
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
-
- 20 Nov, 2015 4 commits
-
-
Kroustouris Stauros authored
-
Kroustouris Stauros authored
-
Kroustouris Stauros authored
-
Kroustouris Stauros authored
-
- 19 Nov, 2015 2 commits
-
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
-
- 18 Nov, 2015 6 commits
-
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
scrolling and dragging
-
Zenon Mousmoulas authored
MapEscape[1]. * Set up a js callback to automatically move Google maps controls out of the scroll area (LEFT_CENTER, opposite of scroll helper). * Use a simple jquery plugin to auto-limit map height to usable viewport height upon load/resize/rotation (perhaps use CSS3 in the future). [1] http://labs.codecomputerlove.com/MapEscape/
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
page and elsewhere). This was just too complicated and presented a number of quirks for non fixed- height overlayed elements.
-
Zenon Mousmoulas authored
-
- 10 Nov, 2015 5 commits
-
-
https://github.com/grnet/djnrosafts authored
-
-
Kroustouris Stauros authored
-
Kroustouris Stauros authored
-
Zenon Mousmoulas authored
A few fixes for parse_institution_xml management command
-