Configure CSRF as required by Django 4.2 (#211)

* set CSRF_TRUSTED_ORIGINS required by Django 4.2 * remove versioningit pin
neutrons · Feb 7, 2025 · 0e916db · 0e916db
1 parent 5b7f266
commit 0e916db
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 16 deletions.
diff --git a/conda_environment.yml b/conda_environment.yml
@@ -17,7 +17,7 @@ dependencies:
   - setuptools
   - stomp.py=8
   - urllib3
-  - versioningit~=1.1
+  - versioningit
   - pyoncat
   - sphinx_rtd_theme=1.2.*  # readthedocs use this env file, and we need to install this theme here
   - sphinxcontrib-mermaid

diff --git a/src/dasmon_app/pyproject.toml b/src/dasmon_app/pyproject.toml
@@ -1,5 +1,5 @@
 [build-system]
-requires = ["setuptools >= 42", "wheel", "toml", "versioningit ~= 1.1"]
+requires = ["setuptools >= 42", "wheel", "toml", "versioningit"]
 build-backend = "setuptools.build_meta"
 
 [tool.versioningit.vcs]

diff --git a/src/webmon_app/pyproject.toml b/src/webmon_app/pyproject.toml
@@ -1,5 +1,5 @@
 [build-system]
-requires = ["setuptools >= 42", "wheel", "toml", "versioningit ~= 1.1"]
+requires = ["setuptools >= 42", "wheel", "toml", "versioningit"]
 build-backend = "setuptools.build_meta"
 
 [tool.check-wheel-contents]

diff --git a/src/webmon_app/reporting/reporting_app/settings/base.py b/src/webmon_app/reporting/reporting_app/settings/base.py
@@ -34,7 +34,6 @@ def validate_ldap_settings(server_uri, user_dn_template):
 
 
 DEBUG = environ.get("DEBUG", True)
-TEMPLATE_DEBUG = DEBUG
 
 ADMINS = (
     # ('Your Name', '[email protected]'),
@@ -98,15 +97,6 @@ def validate_ldap_settings(server_uri, user_dn_template):
 # Make this unique, and don't share it with anybody.
 SECRET_KEY = "-0zoc$fl2fa&amp;rmzeo#uh-qz-k+4^1)_9p1qwby1djzybqtl_nn"
 
-# ------- Template settings for Django 1.6 ------
-TEMPLATE_LOADERS = (
-    "django.template.loaders.filesystem.Loader",
-    "django.template.loaders.app_directories.Loader",
-    #     'django.template.loaders.eggs.Loader',
-)
-TEMPLATE_DIRS = (BASE_DIR / "templates",)
-# ------ End of template settings for Django 1.6 ------
-
 TEMPLATES = [
     {
         "BACKEND": "django.template.backends.django.DjangoTemplates",
@@ -160,7 +150,7 @@ def validate_ldap_settings(server_uri, user_dn_template):
     }
 }
 
-MIDDLEWARE_CLASSES = (
+MIDDLEWARE = (
     "django.middleware.common.CommonMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
@@ -170,7 +160,6 @@ def validate_ldap_settings(server_uri, user_dn_template):
     # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
     # 'debug_toolbar.middleware.DebugToolbarMiddleware',
 )
-MIDDLEWARE = MIDDLEWARE_CLASSES
 
 ROOT_URLCONF = "reporting.reporting_app.urls"
 

diff --git a/src/webmon_app/reporting/reporting_app/settings/prod.py b/src/webmon_app/reporting/reporting_app/settings/prod.py
@@ -13,3 +13,6 @@
 DEBUG = environ.get("DEBUG", False)
 
 validate_ldap_settings(server_uri=AUTH_LDAP_SERVER_URI, user_dn_template=AUTH_LDAP_USER_DN_TEMPLATE)  # noqa: F405
+
+CSRF_TRUSTED_ORIGINS = ["https://monitor.sns.gov", "https://webmon-test.ornl.gov"]
+CSRF_COOKIE_SECURE = True
diff --git a/src/workflow_app/pyproject.toml b/src/workflow_app/pyproject.toml
@@ -1,5 +1,5 @@
 [build-system]
-requires = ["setuptools >= 42", "wheel", "toml", "versioningit ~= 1.1"]
+requires = ["setuptools >= 42", "wheel", "toml", "versioningit"]
 build-backend = "setuptools.build_meta"
 
 [tool.versioningit.vcs]