class AWS: """AWS configuration""" # If you all you know is the queue *name* and its AWS region, # make the URL be: # aws://https://sqs.$NAME_OF_REGION.amazonaws.com/$NAME_OF_QUEUE SQS_QUEUE_URL = values.URLValue( 'https://sqs.us-west-2.amazonaws.com/927034868273/buildhub-s3-events') S3_BUCKET_URL = values.URLValue( 'https://s3-us-west-2.amazonaws.com/buildhub-sqs-test') # For more details, see: # http://boto3.readthedocs.io/en/latest/reference/services/sqs.html#SQS.Queue.receive_messages # The duration (in seconds) for which the call waits for a message # to arrive in the queue before returning. SQS_QUEUE_WAIT_TIME_SECONDS = values.IntegerValue(10) # The duration (in seconds) that the received messages are hidden # from subsequent retrieve requests after being retrieved by # a ReceiveMessage request. # Note! This only really matters when multiple concurrent consumers run # daemons that consume the queue. SQS_QUEUE_VISIBILITY_TIMEOUT = values.IntegerValue(5) # The maximum number of messages to return. # Valid values are 1 to 10. Default is 1. SQS_QUEUE_MAX_NUMBER_OF_MESSAGES = values.IntegerValue(1)
class HerokuPostmark(Heroku):
    """Heroku settings that send and receive mail through Postmark."""

    # NOTE(review): the default "secret" URL segments equal their own names,
    # so they are guessable until overridden; presumably each deployment is
    # expected to supply unguessable values. Verify against the deploy docs.
    SECRET_URLS = values.DictValue({
        "admin": "admin",
        "postmark_inbound": "postmark_inbound",
        "postmark_bounce": "postmark_bounce"
    })

    FOI_EMAIL_TEMPLATE = values.Value('request+{secret}@{domain}')
    FOI_EMAIL_DOMAIN = values.Value('inbound.postmarkapp.com')

    SERVER_EMAIL = values.Value(os_env('POSTMARK_INBOUND_ADDRESS'))
    DEFAULT_FROM_EMAIL = values.Value(os_env('POSTMARK_INBOUND_ADDRESS'))

    # Official Notification Mail goes through
    # the normal Django SMTP Backend
    # The Postmark API key serves as both SMTP user name and password, so it
    # must be handled as a credential wherever EMAIL_HOST_USER is logged or
    # displayed.
    EMAIL_HOST = os_env('POSTMARK_SMTP_SERVER')
    EMAIL_PORT = values.IntegerValue(2525)
    EMAIL_HOST_USER = os_env('POSTMARK_API_KEY')
    EMAIL_HOST_PASSWORD = os_env('POSTMARK_API_KEY')
    EMAIL_USE_TLS = values.BooleanValue(True)

    # SMTP settings for sending FoI mail
    FOI_EMAIL_FIXED_FROM_ADDRESS = values.BooleanValue(False)
    FOI_EMAIL_HOST_FROM = os_env('POSTMARK_INBOUND_ADDRESS')
    FOI_EMAIL_HOST_USER = os_env('POSTMARK_API_KEY')
    FOI_EMAIL_HOST_PASSWORD = os_env('POSTMARK_API_KEY')
    FOI_EMAIL_HOST = os_env('POSTMARK_SMTP_SERVER')
    FOI_EMAIL_PORT = values.IntegerValue(2525)
    FOI_EMAIL_USE_TLS = values.BooleanValue(True)
class _Gunicorn: """Configure Gunicorn""" # As whom Gunicorn should run the server GUNICORN_USER = values.Value(environ_prefix=None) GUNICORN_GROUP = values.Value(environ_prefix=None) # Path to Gunicorn GUNICORN_PATH = values.PathValue('~/.virtualenvs/pactf/bin/gunicorn', environ_prefix=None, check_exists=False) # Whether to use a socket or serve directly to an address GUNICORN_USE_SOCKFILE = values.BooleanValue(False, environ_prefix=None) # Socket to communicate with GUNICORN_SOCKFILE = values.PathValue(join(BASE_DIR, 'run', 'gunicorn.sock'), environ_prefix=None, check_exists=False) # Url to directly serve to GUNICORN_IP = values.IPValue('127.0.0.1', environ_prefix=None) GUNICORN_PORT = values.IntegerValue(8001, environ_prefix=None) # Number of worker processes Gunicorn should spawn GUNICORN_NUM_WORKERS = values.IntegerValue(1, environ_prefix=None)
class BigQuery:
    """BigQuery export settings; the feature is off unless BQ_ENABLED is set."""

    BQ_ENABLED = values.BooleanValue(False)
    # Empty by default, so a project must be supplied before enabling.
    BQ_PROJECT_ID = values.Value("")
    BQ_DATASET_ID = values.Value("buildhub2")
    BQ_TABLE_ID = values.Value("builds")
    # Limits used by the rebuild job (presumably an error budget and a batch
    # size; confirm against the code that reads them).
    BQ_REBUILD_MAX_ERROR_COUNT = values.IntegerValue(1000)
    BQ_REBUILD_CHUNK_SIZE = values.IntegerValue(10000)
class S3:
    """Connect and read timeouts for S3 lookups and uploads.

    Bounded timeouts keep a slow or unreachable S3 endpoint from tying up
    workers indefinitely.
    """

    # How many max seconds to wait for a S3 connection when
    # doing a lookup.
    S3_LOOKUP_CONNECT_TIMEOUT = values.IntegerValue(2)  # seconds
    S3_LOOKUP_READ_TIMEOUT = values.IntegerValue(4)  # seconds

    # The timeouts for doing S3 uploads.
    # When testing S3 PUT in Stage, the longest PUTs take 20 seconds.
    S3_PUT_CONNECT_TIMEOUT = values.IntegerValue(10)  # seconds
    # If upload takes longer than this it's probably best to back off.
    # The client will likely get a 504 error and will retry soon again.
    S3_PUT_READ_TIMEOUT = values.IntegerValue(30)  # seconds
class AWS:
    """AWS configuration"""

    # If all you know is the queue *name* and its AWS region,
    # make the URL be:
    #   aws://https://sqs.$NAME_OF_REGION.amazonaws.com/$NAME_OF_QUEUE
    # NOTE(review): the defaults below name a concrete AWS account, queue and
    # bucket; confirm each environment overrides them as needed.
    SQS_QUEUE_URL = values.URLValue(
        "https://sqs.us-west-2.amazonaws.com/927034868273/buildhub-s3-events")
    S3_BUCKET_URL = values.URLValue(
        "https://s3-us-east-1.amazonaws.com/"
        "net-mozaws-prod-delivery-inventory-us-east-1")

    # For more details, see:
    # http://boto3.readthedocs.io/en/latest/reference/services/sqs.html#SQS.Queue.receive_messages

    # The duration (in seconds) for which the call waits for a message
    # to arrive in the queue before returning.
    SQS_QUEUE_WAIT_TIME_SECONDS = values.IntegerValue(10)

    # The duration (in seconds) that the received messages are hidden
    # from subsequent retrieve requests after being retrieved by
    # a ReceiveMessage request.
    # Note! This only really matters when multiple concurrent consumers run
    # daemons that consume the queue.
    SQS_QUEUE_VISIBILITY_TIMEOUT = values.IntegerValue(5)

    # The maximum number of messages to return.
    # Valid values are 1 to 10. Default is 1.
    SQS_QUEUE_MAX_NUMBER_OF_MESSAGES = values.IntegerValue(1)

    # When we ingest the SQS queue we get a payload that contains an S3 key and
    # an S3 bucket name. We then assume that we can use our boto client to
    # connect to that bucket to read the key to download its file. That S3
    # bucket name comes at runtime, so it depends on payloads which aren't
    # known yet.
    # However, if you *do* know the bucket, set this variable in advance so
    # access to it can be healthchecked.
    # Note that it's optional! Unset by default.
    # In real production it should probably be:
    #   https://s3.amazonaws.com/net-mozaws-prod-delivery-firefox
    # NOTE(review): because the bucket name is taken from queue payloads,
    # whoever can publish to the queue influences which bucket is read.
    # Confirm the queue policy restricts senders, or that the consumer checks
    # the bucket name against an expected value.
    SQS_S3_BUCKET_URL = values.URLValue()

    # If the S3 bucket that SQS mentioned by name is public, you can connect
    # to it with an unsigned client. If you don't do this, the request might
    # fail with:
    #   "An error occurred (403) when calling the HeadObject operation: Forbidden"
    # If however, like during local development, you use a non-public bucket,
    # this needs to be set to false.
    UNSIGNED_SQS_S3_CLIENT = values.BooleanValue(True)
class Staging(Common): """ The in-staging settings. """ # Security BASE_DIR = os.path.dirname(os.path.dirname(__file__)) SESSION_COOKIE_SECURE = values.BooleanValue(True) SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True) SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True) SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True) SECURE_HSTS_SECONDS = values.IntegerValue(31536000) SECURE_REDIRECT_EXEMPT = values.ListValue([]) SECURE_SSL_HOST = values.Value(None) SECURE_SSL_REDIRECT = values.BooleanValue(True) SECURE_PROXY_SSL_HEADER = values.TupleValue( ('HTTP_X_FORWARDED_PROTO', 'https') ) WEBPACK_LOADER = { 'DEFAULT': { 'BUNDLE_DIR_NAME': 'bundles/', 'STATS_FILE': os.path.join(BASE_DIR, 'webpack-stats.prod.json'), } }
class Staging(Base):
    """
    Depends on environment variables that SHOULD be defined (in addition to
    the base environment variables):

    EMAIL_HOST=smtp.example.org
    EMAIL_PORT=587
    EMAIL_HOST_USER=babar
    EMAIL_HOST_PASSWORD=KingOfTheElephants
    """

    ALLOWED_HOSTS = [
        'staging.pixel.candihub.eu',
    ]

    EMAIL_HOST = values.Value('', environ_name='EMAIL_HOST',
                              environ_prefix=None)
    EMAIL_PORT = values.IntegerValue(587, environ_name='EMAIL_PORT',
                                     environ_prefix=None)
    EMAIL_HOST_USER = values.Value('', environ_name='EMAIL_HOST_USER',
                                   environ_prefix=None)
    # NOTE(review): the password falls back to an empty string when the
    # variable is missing, so a misconfigured deployment starts up and only
    # fails at send time. values.SecretValue would fail at startup instead.
    EMAIL_HOST_PASSWORD = values.Value('', environ_name='EMAIL_HOST_PASSWORD',
                                       environ_prefix=None)
    # STARTTLS on the submission port, so credentials are not sent in clear.
    EMAIL_USE_TLS = True
    EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
    EMAIL_SUBJECT_PREFIX = '[Pixel/staging] '

    DEFAULT_FROM_EMAIL = "Pixel Admin <*****@*****.**>"
    SERVER_EMAIL = DEFAULT_FROM_EMAIL
class Production(Common):
    """Production settings: HTTPS enforcement plus Sentry error reporting."""

    # Read from the unprefixed ALLOWED_HOSTS variable. The empty default
    # fails closed: with DEBUG off, Django rejects every Host header until
    # the variable is set.
    ALLOWED_HOSTS = values.ListValue(environ_prefix="", default=[])
    # Only emits the legacy X-XSS-Protection header; not a substitute for a
    # Content-Security-Policy.
    SECURE_BROWSER_XSS_FILTER = True
    SESSION_COOKIE_SECURE = True
    # Django trusts X-Forwarded-Proto to decide whether a request is secure.
    # Only sound when the fronting proxy sets or strips that header itself.
    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
    SECURE_SSL_REDIRECT = True
    # Defaults to one hour, a cautious HSTS lifetime; overridable through
    # the unprefixed SECURE_HSTS_SECONDS variable.
    SECURE_HSTS_SECONDS = values.IntegerValue(environ_prefix="", default=3600)

    MIDDLEWARE = [
        "django.middleware.http.ConditionalGetMiddleware",
        "django.middleware.gzip.GZipMiddleware",
    ] + Common.MIDDLEWARE

    # An empty DSN is passed through when SENTRY_DSN is unset.
    SENTRY_CONFIG = {
        "dsn": os.getenv("SENTRY_DSN", ""),
        "environment": _environment,
        "release": _release,
    }

    @classmethod
    def post_setup(cls):
        """Initialise the Sentry SDK once the settings are in place."""
        super().post_setup()
        # send_default_pii=True lets integrations attach user-identifying
        # data to events. NOTE(review): confirm this matches the project's
        # privacy policy and Sentry's data-scrubbing configuration.
        sentry_sdk.init(integrations=[DjangoIntegration()],
                        **cls.SENTRY_CONFIG,
                        send_default_pii=True)
class Production(Common): INSTALLED_APPS = Common.INSTALLED_APPS + ( "raven.contrib.django.raven_compat", ) # django-secure settings PROTOCOL = "https" SESSION_COOKIE_SECURE = True SECURE_SSL_REDIRECT = True SECURE_HSTS_SECONDS = 31536000 SECURE_HSTS_INCLUDE_SUBDOMAINS = True SECURE_FRAME_DENY = True SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_BROWSER_XSS_FILTER = True SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") STATICFILES_STORAGE = "storages.backends.s3boto.S3BotoStorage" STATIC_URL = "https://d2kmfhumajdz54.cloudfront.net/" EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend" EMAIL_HOST = values.Value() EMAIL_HOST_USER = values.Value() EMAIL_HOST_PASSWORD = values.SecretValue() EMAIL_PORT = values.IntegerValue() EMAIL_USE_TLS = values.BooleanValue(True) DEFAULT_FROM_EMAIL = values.Value(environ_prefix=None) # cached sessions SESSION_ENGINE = "django.contrib.sessions.backends.cached_db" CACHES = { "default": { "BACKEND": "django.core.cache.backends.locmem.LocMemCache" } }
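class Staging(Common):
    """
    The in-staging settings.

    Secrets (SENDGRID_API_KEY, SENTRY_DSN) are declared as SecretValue, so
    they have no default and must be supplied through the environment.
    """

    ALLOWED_HOSTS = ['carlos-shortener.herokuapp.com', 'cour.fun']

    # Security
    SESSION_COOKIE_SECURE = values.BooleanValue(True)
    # Only emits the legacy X-XSS-Protection header.
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
    SECURE_REDIRECT_EXEMPT = values.ListValue([])
    SECURE_SSL_HOST = values.Value(None)
    # NOTE(review): the HTTPS redirect is off and the proxy header setting
    # below is commented out, so Django itself neither redirects plain HTTP
    # nor recognises proxied HTTPS requests as secure. Confirm that the
    # platform in front of the app enforces HTTPS; otherwise the HSTS
    # values above may never reach a browser.
    SECURE_SSL_REDIRECT = values.BooleanValue(False)
    #SECURE_PROXY_SSL_HEADER = values.TupleValue(
    #    ('HTTP_X_FORWARDED_PROTO', 'https')
    #)

    HOSTNAME = 'cour.fun'

    EMAIL_BACKEND = "sendgrid_backend.SendgridBackend"
    SENDGRID_API_KEY = values.SecretValue()

    SENTRY_DSN = values.SecretValue()

    @classmethod
    def post_setup(cls):
        """Run the parent post-setup hooks, then initialise Sentry."""
        # Chain to the parent hook so that any post_setup defined on Common
        # or its mixins still runs; the original override skipped it.
        super().post_setup()
        sentry_sdk.init(dsn=cls.SENTRY_DSN, integrations=[DjangoIntegration()])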
def QUERYCOUNT(self):
    """Return the query-count settings dict.

    Requests under /admin/ and SQL statements starting with ``silk_`` are
    ignored; the duplicate-display setting is read from the
    QUERYCOUNT_DISPLAY_DUPLICATES environment name.
    """
    display_duplicates = values.IntegerValue(
        environ_name='QUERYCOUNT_DISPLAY_DUPLICATES')
    ignored_requests = [r'^/admin/']
    ignored_sql = [r'^silk_']
    return {
        'IGNORE_REQUEST_PATTERNS': ignored_requests,
        'IGNORE_SQL_PATTERNS': ignored_sql,
        'DISPLAY_DUPLICATES': display_duplicates,
    }
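class Staging(Common):
    """
    The in-staging settings.

    Serves the site over HTTPS only and stores uploaded media in S3.
    """

    INSTALLED_APPS = Common.INSTALLED_APPS + ('storages', )

    # django-secure now integrated inside django 1.8+
    SESSION_COOKIE_SECURE = values.BooleanValue(True)
    SECURE_SSL_REDIRECT = values.BooleanValue(True)
    # One-year HSTS that also covers every subdomain.
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
    # NOTE(review): SECURE_FRAME_DENY is a django-secure setting that
    # Django's built-in SecurityMiddleware does not read. Clickjacking
    # protection in Django itself comes from XFrameOptionsMiddleware and
    # X_FRAME_OPTIONS; confirm one of the two is active.
    SECURE_FRAME_DENY = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    # Only emits the legacy X-XSS-Protection header.
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
    # Django trusts X-Forwarded-Proto to decide whether a request is secure.
    # Only sound when the fronting proxy sets or strips that header itself.
    SECURE_PROXY_SSL_HEADER = values.TupleValue(
        ('HTTP_X_FORWARDED_PROTO', 'https'))

    # NOTE(review): the secret key is declared with values.Value, which
    # accepts a missing variable. values.SecretValue would refuse to start
    # without it; left unchanged because that alters startup behaviour.
    AWS_ACCESS_KEY_ID = values.Value(environ_prefix=None)
    AWS_SECRET_ACCESS_KEY = values.Value(environ_prefix=None)
    AWS_STORAGE_BUCKET_NAME = 'grp-portfolio-media'
    # Media URLs are generated without a signature, so the objects have to
    # be readable without credentials. TODO confirm the bucket policy is
    # scoped to the media prefix only.
    AWS_QUERYSTRING_AUTH = values.BooleanValue(False)
    # Use HTTPS for media: the site itself is HTTPS-only (redirect + HSTS),
    # and plain-HTTP media would be mixed content that browsers block or
    # that can be tampered with in transit.
    S3_URL = 'https://%s.s3.amazonaws.com/' % AWS_STORAGE_BUCKET_NAME
    MEDIA_ROOT = '/media/'
    # S3_URL ends with '/' and MEDIA_ROOT starts with '/', so MEDIA_URL
    # contains '//media/'; kept as-is so existing object paths still match.
    MEDIA_URL = S3_URL + MEDIA_ROOT
    DEFAULT_FILE_STORAGE = 'storages.backends.s3boto.S3BotoStorage'

    EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'

    PROTOCOL = 'https'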
class ProductionInsecure(Production):
    """
    Settings for a production-like environment that lacks many security
    features. Useful for testing and setups where security is provided by
    other means. Not intended for general use on the public internet.
    """

    # A publicly known SECRET_KEY means session and other signed data can be
    # forged by anyone; acceptable only on isolated test systems.
    SECRET_KEY = values.Value("not a secret")
    # The wildcard turns off Host header validation.
    ALLOWED_HOSTS = values.ListValue(["*"])
    # HTTPS enforcement and Secure cookie flags are all switched off.
    SECURE_SSL_REDIRECT = values.BooleanValue(False)
    CSRF_COOKIE_SECURE = values.BooleanValue(False)
    SECURE_HSTS_SECONDS = values.IntegerValue(0)
    SESSION_COOKIE_SECURE = values.BooleanValue(False)

    # These checks aren't useful for a purposefully insecure environment.
    # Silencing them also hides the warnings if this class is ever selected
    # by mistake, so the deployment must guard which configuration is loaded.
    SILENCED_SYSTEM_CHECKS = values.ListValue([
        "security.W001",  # security middleware check
        "security.W003",  # CSRF middleware check
        "security.W004",  # check hsts seconds
        "security.W008",  # Secure SSL redirect
        "security.W009",  # Secret key length
        "security.W012",  # Check session cookie secure
        "security.W016",  # Check CSRF cookie secure
    ])
class Production(Base):
    """Settings for the production environment."""

    # Both settings below trust headers set by the reverse proxy
    # (X-Forwarded-Host and X-Forwarded-Proto). They are only sound when the
    # proxy overwrites or strips those headers on every client request.
    USE_X_FORWARDED_HOST = values.BooleanValue(True)
    SECURE_PROXY_SSL_HEADER = values.TupleValue(('HTTP_X_FORWARDED_PROTO', 'https'))
    # NOTE(review): values.Value does not cast, so an environment override
    # arrives as a string and "False" would be truthy; BooleanValue may be
    # what is intended.
    LOGGING_USE_JSON = values.Value(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)  # 1 year
    DEFAULT_FILE_STORAGE = values.Value('storages.backends.s3boto3.S3Boto3Storage')
class Email(object):
    """Email settings for public projects."""

    EMAIL_HOST = values.Value('localhost')
    EMAIL_PORT = values.IntegerValue(25)  # Alternate TLS port is 587
    # STARTTLS is requested before authenticating, so the credentials below
    # are not sent in clear text.
    EMAIL_USE_TLS = values.BooleanValue(True)
    EMAIL_HOST_USER = values.Value('*****@*****.**')
    # SecretValue has no default: the password must come from the
    # environment and is never committed here.
    EMAIL_HOST_PASSWORD = values.SecretValue()
class Development(Base):
    """Settings for local development.

    Several protections are deliberately relaxed here (known SECRET_KEY,
    DEBUG on, no password validators, no HTTPS redirect, recipe auth and
    peer approval off). This class must never be selected for a deployment
    reachable by untrusted users.
    """

    # Load a .env file only when one exists next to the project.
    DOTENV_EXISTS = os.path.exists(os.path.join(Core.BASE_DIR, ".env"))
    DOTENV = ".env" if DOTENV_EXISTS else None
    SECRET_KEY = values.Value("not a secret")
    DEBUG = values.BooleanValue(True)
    AUTH_PASSWORD_VALIDATORS = values.ListValue([])
    INSTALLED_APPS = Base.INSTALLED_APPS + ["sslserver"]
    # Mail is printed to the console instead of being sent.
    EMAIL_BACKEND = values.Value(
        "django.core.mail.backends.console.EmailBackend")
    # NOTE(review): values.Value does not cast, so an environment override
    # arrives as a string and "False" would be truthy; BooleanValue may be
    # what is intended.
    SECURE_SSL_REDIRECT = values.Value(False)
    REQUIRE_RECIPE_AUTH = values.BooleanValue(False)
    PEER_APPROVAL_ENFORCED = values.BooleanValue(False)
    CSP_REPORT_URI = values.Value("")
    DEFAULT_FILE_STORAGE = values.Value(
        "django.core.files.storage.FileSystemStorage")

    API_CACHE_ENABLED = values.BooleanValue(False)
    API_CACHE_TIME = values.IntegerValue(0)

    # NOTE(review): this binds the same dict object as Base.SWAGGER_SETTINGS,
    # so the assignment on the next line also changes Base (and anything
    # else inheriting it) once this module is imported.
    SWAGGER_SETTINGS = Base.SWAGGER_SETTINGS
    SWAGGER_SETTINGS["VALIDATOR_URL"] = None

    SILENCED_SYSTEM_CHECKS = values.ListValue(["normandy.recipes.E006"])  # geoip db not available
class ProductionInsecure(Production):
    """
    Settings for a production-like environment that lacks many security
    features. Useful for testing and setups where security is provided by
    other means. Not intended for general use on the public internet.
    """

    INSTALLED_APPS = Production.INSTALLED_APPS + ['sslserver']

    # A publicly known SECRET_KEY means session and other signed data can be
    # forged by anyone; acceptable only on isolated test systems.
    SECRET_KEY = values.Value('not a secret')
    # The wildcard turns off Host header validation.
    ALLOWED_HOSTS = values.ListValue(['*'])
    # HTTPS enforcement and Secure cookie flags are all switched off.
    SECURE_SSL_REDIRECT = values.BooleanValue(False)
    CSRF_COOKIE_SECURE = values.BooleanValue(False)
    SECURE_HSTS_SECONDS = values.IntegerValue(0)
    SESSION_COOKIE_SECURE = values.BooleanValue(False)

    # These checks aren't useful for a purposefully insecure environment.
    # Silencing them also hides the warnings if this class is ever selected
    # by mistake, so the deployment must guard which configuration is loaded.
    SILENCED_SYSTEM_CHECKS = values.ListValue([
        'security.W001',  # security middleware check
        'security.W004',  # check hsts seconds
        'security.W008',  # Secure SSL redirect
        'security.W009',  # Secret key length
        'security.W012',  # Check session cookie secure
        'security.W016',  # Check CSRF cookie secure
        'security.W017',  # Check CSRF cookie http only
    ])
class Production(Common):
    """
    The production settings.
    """

    INSTALLED_APPS = Common.INSTALLED_APPS + (
        'djangosecure',
        'raven.contrib.django.raven_compat',
    )

    SPEAKER_SUBMISSION = False

    # Explicit host list: requests with any other Host header are rejected.
    ALLOWED_HOSTS = [
        'speakers.herokuapp.com',
        'calltospeakers.com',
        'www.calltospeakers.com',
    ]

    # django-secure
    # NOTE(review): these settings take effect only through django-secure's
    # middleware; MIDDLEWARE is not visible here, so confirm it is listed.
    SESSION_COOKIE_SECURE = values.BooleanValue(True)
    SECURE_SSL_REDIRECT = values.BooleanValue(True)
    # One-year HSTS that also covers every subdomain.
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
    SECURE_FRAME_DENY = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
    # Trusts X-Forwarded-Proto to decide whether a request is secure. Only
    # sound when the fronting proxy sets or strips that header itself.
    SECURE_PROXY_SSL_HEADER = values.TupleValue(
        ('HTTP_X_FORWARDED_PROTO', 'https'))
class Production(Base):
    """Settings for the production environment."""

    # Both settings below trust headers set by the reverse proxy
    # (X-Forwarded-Host and X-Forwarded-Proto). They are only sound when the
    # proxy overwrites or strips those headers on every client request.
    USE_X_FORWARDED_HOST = values.BooleanValue(True)
    SECURE_PROXY_SSL_HEADER = values.TupleValue(('HTTP_X_FORWARDED_PROTO', 'https'))
    # NOTE(review): values.Value does not cast, so an environment override
    # arrives as a string and "False" would be truthy; BooleanValue may be
    # what is intended.
    LOGGING_USE_JSON = values.Value(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)  # 1 year
    # NOTE(review): the storage class name says "Permissive"; what it
    # relaxes is defined elsewhere. Confirm it does not widen object ACLs.
    DEFAULT_FILE_STORAGE = values.Value('normandy.base.storage.S3Boto3PermissiveStorage')
    # Uploads never replace an existing object with the same name.
    AWS_S3_FILE_OVERWRITE = False
class Databases(object):
    """Settings for PostgreSQL databases."""

    # The connection URL, credentials included, is read from the
    # DEFAULT_DATABASE_URL environment variable and is never stored here.
    DATABASES = {'default': dj_database_url.config(env='DEFAULT_DATABASE_URL')}

    # Number of seconds database connections should persist for
    DATABASES['default']['CONN_MAX_AGE'] = values.IntegerValue(
        600, environ_prefix='', environ_name='DEFAULT_CONN_MAX_AGE')
def RAVEN_CONFIG(self):
    """Return the Raven (Sentry client) configuration dict.

    The DSN is read from the RAVEN_CONFIG_DSN environment name and defaults
    to None; the maximum string length defaults to 2000 and is read from
    RAVEN_CONFIG_STRING_MAX_LENGTH.
    """
    # The DSN identifies the Sentry project, so it is taken from the
    # environment rather than written into the settings file.
    dsn = values.URLValue(None, environ_name='RAVEN_CONFIG_DSN')
    max_length = values.IntegerValue(
        2000, environ_name='RAVEN_CONFIG_STRING_MAX_LENGTH')
    return {
        'dsn': dsn,
        'string_max_length': max_length,
    }
class Production(Base):
    """Settings for the production environment."""

    # Django trusts X-Forwarded-Proto to decide whether a request is secure.
    # Only sound when the fronting proxy sets or strips that header itself.
    SECURE_PROXY_SSL_HEADER = values.TupleValue(("HTTP_X_FORWARDED_PROTO", "https"))
    # NOTE(review): values.Value does not cast, so an environment override
    # arrives as a string and "False" would be truthy; this applies to
    # METRICS_USE_STATSD below as well. BooleanValue may be what is intended.
    LOGGING_USE_JSON = values.Value(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)  # 1 year
    DEFAULT_FILE_STORAGE = values.Value("normandy.base.storage.NormandyS3Boto3Storage")
    # Uploads never replace an existing object with the same name.
    AWS_S3_FILE_OVERWRITE = False
    METRICS_USE_STATSD = values.Value(True)
class RedisSettings(object):
    """
    Base Redis settings using both common REDIS_* settings, or 12factor.

    REDIS_URL builds from REDIS_* settings. When supplied, the REDIS_*
    settings supersede REDIS_URL.

    NOTE(review): the REDIS_URL property below returns the REDIS_URL
    environment variable whenever it is set, which reads as the opposite
    precedence; confirm against mk_redis_db_url and the callers.
    """

    REDIS_HOST = values.Value('localhost', environ_prefix=None,
                              environ_required=False)
    REDIS_PORT = values.IntegerValue(_DEFAULT_REDIS_PORT, environ_prefix=None,
                                     environ_required=False)
    REDIS_DB = values.IntegerValue(_DEFAULT_REDIS_DB, environ_prefix=None,
                                   environ_required=False)

    @property
    def REDIS_URL(self):
        """Return REDIS_URL from the environment, else a URL for the default DB."""
        # A Redis URL can carry a password; avoid logging this value.
        return os.getenv('REDIS_URL', mk_redis_db_url(_DEFAULT_REDIS_DB))
class Production(Common):
    """Production settings: proxy-aware HTTPS, SendGrid mail, cached templates."""

    # See https://docs.djangoproject.com/en/2.0/ref/settings/ for a description
    # of each Django setting.

    # django-cors-headers SETTINGS
    # --------------------------------------------------------------------------
    # TODO: Re-enable this.
    # CORS_ORIGIN_WHITELIST = values.ListValue([], environ_required=True)

    # SECURITY SETTINGS
    # --------------------------------------------------------------------------
    # Django trusts X-Forwarded-Proto to decide whether a request is secure.
    # Only sound when the fronting proxy sets or strips that header itself.
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
    SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
    SESSION_CACHE_ALIAS = 'default'

    # NOTE(review): the original indentation was lost; the five settings
    # below are assumed to belong to this `if`. When SITE_SCHEME is not
    # 'https', none of the HSTS, redirect or Secure-cookie settings apply.
    if Common.SITE_SCHEME == 'https':
        # WARNING: Set this to 518400 (6 days) after the web application is
        # configured correctly to confidently serve HTTPS.
        SECURE_HSTS_SECONDS = values.IntegerValue(60)
        SECURE_HSTS_INCLUDE_SUBDOMAINS = True
        SECURE_SSL_REDIRECT = True
        SESSION_COOKIE_SECURE = True
        CSRF_COOKIE_SECURE = True

    # MIDDLEWARE SETTINGS
    # --------------------------------------------------------------------------
    MIDDLEWARE = [
        'raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware',
        'django_auth_wall.middleware.BasicAuthMiddleware',
    ] + Common.MIDDLEWARE

    # EMAIL SETTINGS
    # The settings below are suitable for using SendGrid's Web API for sending
    # email from Django.
    # --------------------------------------------------------------------------
    EMAIL_BACKEND = 'anymail.backends.sendgrid.EmailBackend'
    # The API key is required from the environment (environ_required=True),
    # so the empty default is never used as a credential.
    ANYMAIL = {
        'SENDGRID_API_KEY': values.Value('', environ_name='SENDGRID_API_KEY',
                                         environ_required=True),
    }

    # TEMPLATE SETTINGS
    # --------------------------------------------------------------------------
    # NOTE(review): this assigns into Common.TEMPLATES in place, so the
    # cached loader also applies to every other configuration that shares
    # Common once this module is imported.
    Common.TEMPLATES[0]['OPTIONS']['loaders'] = [
        ('django.template.loaders.cached.Loader',
         Common.TEMPLATES[0]['OPTIONS']['loaders']),
    ]

    # INSTALLED APPS SETTINGS
    # --------------------------------------------------------------------------
    INSTALLED_APPS = Common.INSTALLED_APPS + [
        'gunicorn',
        'anymail',
    ]
class Stage(Base): """Configuration for the Stage server.""" # Defaulting to 'localhost' here because that's where the Datadog # agent is expected to run in production. STATSD_HOST = values.Value("localhost") STATSD_PORT = values.Value(8125) STATSD_NAMESPACE = values.Value("") @property def MARKUS_BACKENDS(self): return [{ "class": "markus.backends.datadog.DatadogMetrics", "options": { "statsd_host": self.STATSD_HOST, "statsd_port": self.STATSD_PORT, "statsd_namespace": self.STATSD_NAMESPACE, }, }] ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https" SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") @property def DATABASES(self): "require encrypted connections to Postgres" DATABASES = super().DATABASES.copy() DATABASES["default"].setdefault("OPTIONS", {})["sslmode"] = "require" return DATABASES # Sentry setup SENTRY_DSN = values.Value(environ_prefix=None) MIDDLEWARE = [ "raven.contrib.django.raven_compat.middleware" ".SentryResponseErrorIdMiddleware" ] + Base.MIDDLEWARE INSTALLED_APPS = Base.INSTALLED_APPS + [ "raven.contrib.django.raven_compat" ] @property def RAVEN_CONFIG(self): config = { "dsn": self.SENTRY_DSN, # "transport": RequestsHTTPTransport } if self.VERSION: config["release"] = (self.VERSION.get("version") or self.VERSION.get("commit") or "") return config SECURE_HSTS_SECONDS = values.IntegerValue(31536000) # 1 year
class Production(Staging):
    """
    The in-production settings.
    """

    SESSION_COOKIE_SECURE = values.BooleanValue(True)
    # Only emits the legacy X-XSS-Protection header.
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    # One-year HSTS that also covers every subdomain.
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
    # NOTE(review): Django matches SECURE_REDIRECT_EXEMPT entries as regular
    # expressions against the URL *path*, not the host name. These entries
    # therefore exempt paths containing "localhost" or matching "127.0.0.1"
    # from the HTTPS redirect and do nothing for requests to those hosts.
    # Confirm the intent.
    SECURE_REDIRECT_EXEMPT = values.ListValue(["localhost", "127.0.0.1"])
    SECURE_SSL_HOST = values.Value(None)
    SECURE_SSL_REDIRECT = values.BooleanValue(True)
class Production(Common):
    """Production settings with HTTPS hardening enabled."""

    # Security
    SESSION_COOKIE_SECURE = values.BooleanValue(True)
    # Only emits the legacy X-XSS-Protection header.
    SECURE_BROWSER_XSS_FILTER = values.BooleanValue(True)
    SECURE_CONTENT_TYPE_NOSNIFF = values.BooleanValue(True)
    # One-year HSTS that also covers every subdomain.
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
    SECURE_HSTS_SECONDS = values.IntegerValue(31536000)
    SECURE_REDIRECT_EXEMPT = values.ListValue([])
    SECURE_SSL_HOST = values.Value(None)
    SECURE_SSL_REDIRECT = values.BooleanValue(True)
    # Django trusts X-Forwarded-Proto to decide whether a request is secure.
    # Only sound when the fronting proxy sets or strips that header itself.
    SECURE_PROXY_SSL_HEADER = values.TupleValue(
        ('HTTP_X_FORWARDED_PROTO', 'https'))

    # NOTE(review): the wildcard disables Django's Host header validation in
    # production. Anything built from the request host (absolute URLs,
    # password-reset links) then depends entirely on the proxy rejecting
    # unexpected Host values. Prefer listing the real host names.
    ALLOWED_HOSTS = ['*']
class ProductionInsecure(Production):
    """
    Settings for a production-like environment that lacks many security
    features. Useful for testing and setups where security is provided by
    other means. Not intended for general use on the public internet.
    """

    # A publicly known SECRET_KEY means session and other signed data can be
    # forged by anyone; acceptable only on isolated test systems.
    SECRET_KEY = values.Value('not a secret')
    # The wildcard turns off Host header validation.
    ALLOWED_HOSTS = values.ListValue(['*'])
    # HTTPS enforcement and Secure cookie flags are all switched off.
    SECURE_SSL_REDIRECT = values.BooleanValue(False)
    CSRF_COOKIE_SECURE = values.BooleanValue(False)
    SECURE_HSTS_SECONDS = values.IntegerValue(0)
    SESSION_COOKIE_SECURE = values.BooleanValue(False)
class Email(object):
    """Email settings for SMTP."""

    EMAIL_HOST = values.Value('localhost')
    # SecretValue has no default: the password must come from the
    # environment and is never committed here.
    EMAIL_HOST_PASSWORD = values.SecretValue()
    EMAIL_HOST_USER = values.Value('*****@*****.**')
    # Port 465 with EMAIL_USE_SSL is implicit TLS from the first byte.
    # Django treats EMAIL_USE_SSL and EMAIL_USE_TLS as mutually exclusive,
    # hence TLS (STARTTLS) is explicitly off.
    EMAIL_PORT = values.IntegerValue(465)
    EMAIL_USE_SSL = values.BooleanValue(True)
    EMAIL_USE_TLS = values.BooleanValue(False)