- 21 Feb, 2016 3 commits
-
-
Vladimir Mencl authored
As per discussion in #10: * Make PyYAML import floating in 3.x (without pinning to 3.0.10) * Move Mako import to new file requirements-optional.txt * Update docs/installation/requirements.md to refer to requirements-optional.txt
-
Vladimir Mencl authored
A missing </div> was at times causing the footer to go out of place and cover the form contents.
-
Vladimir Mencl authored
-
- 18 Feb, 2016 6 commits
-
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
Two minor security fixes: construct secure URLs (for uwsgi, with examples) and mark cookies as secure
-
Vladimir Mencl authored
Actually remove the X-Forwarded-SSL header from the Apache mod_wsgi snippet.
-
Vladimir Mencl authored
As per discussion in in #8 (primary mode of deployment is with mod_wsgi): * Comment out the header setting at Django side and also move it from settings.py to local_settings.py (because it's now a customizable item). * Change the header name to ````X-Forwarded-Protocol: https```` * Change the Apache recommendation to use the header name and take it out of the mod_uwsgi snippet - and instead add a new section describing mod_proxy_http as an option.
-
Vladimir Mencl authored
Django would be default use insecure cookies - that would be sent by the browser also over plain http. And administrative work requiring authenticated sessions should be done over https - and therefore, the cookie should be marked as secure. This can be achived by setting: settings.SESSION_COOKIE_SECURE = True As this is an essential security setting that shouldn't need additional tweaks, adding the setting to settings.py (and not local_settings.py).
-
Vladimir Mencl authored
Django constructs redirect URLs as https only if request.is_secure() is true. And that evaluates to true if either uwsgi sets wsgi.url_scheme to https, or if the request header contains a key + value configured as a tuple in settings.SECURE_PROXY_SSL_HEADER As some parts might be accessed over plain http and some over https (if Apache exposes both ports), the easiest is to: * Use the conventional header: X-Forwarded-SSL: on * Set this header from Apache SSL VirtualHost * Configure Django to check for this header with: SECURE_PROXY_SSL_HEADER = ('X-Forwarded-SSL', 'on') As this is an essential security setting that shouldn't need additional tweaks, adding the setting to settings.py (and not local_settings.py). Without this fix, the login form at /admin/ would upon successful login redirect to plain http, even when accessed over https.
-
- 17 Feb, 2016 5 commits
-
-
Zenon Mousmoulas authored
Allow AltLogin to redirect to target URLs First step in the direction of allowing local login as a login method (besides SSO).
-
Zenon Mousmoulas authored
Fixes a logical issue that could be caused by editing InstServer properties
-
Vladimir Mencl authored
When a "next" parameter exists in the context, reuse it for the redirect (instead of forcing redirect to /overview)
-
https://github.com/grnet/djnroKroustouris Stauros authored
Conflicts: djnro/templates/partial/footer.html edumanage/templatetags/template_maybe.py
-
https://github.com/grnet/djnroKroustouris Stauros authored
Conflicts: djnro/templates/partial/footer.html edumanage/templatetags/include_maybe.py
-
- 14 Feb, 2016 1 commit
-
-
Zenon Mousmoulas authored
-
- 02 Dec, 2015 2 commits
-
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
institutions" use case.
-
- 23 Nov, 2015 4 commits
-
-
Sergios Aftsidis authored
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
-
Kroustouris Stauros authored
-
- 21 Nov, 2015 4 commits
-
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
-
- 20 Nov, 2015 4 commits
-
-
Kroustouris Stauros authored
-
Kroustouris Stauros authored
-
Kroustouris Stauros authored
-
Kroustouris Stauros authored
-
- 19 Nov, 2015 2 commits
-
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
-
- 18 Nov, 2015 6 commits
-
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
scrolling and dragging
-
Zenon Mousmoulas authored
MapEscape[1]. * Set up a js callback to automatically move Google maps controls out of the scroll area (LEFT_CENTER, opposite of scroll helper). * Use a simple jquery plugin to auto-limit map height to usable viewport height upon load/resize/rotation (perhaps use CSS3 in the future). [1] http://labs.codecomputerlove.com/MapEscape/
-
Zenon Mousmoulas authored
-
Zenon Mousmoulas authored
page and elsewhere). This was just too complicated and presented a number of quirks for non fixed- height overlayed elements.
-
Zenon Mousmoulas authored
-
- 10 Nov, 2015 3 commits
-
-
https://github.com/grnet/djnrosafts authored
-
-
Kroustouris Stauros authored
-