Merge pull request #553 from MITx/feature/bridger/new_wiki

Added SECURE_PROXY_SSL_HEADER to env/aws. Re-enabled wiki directories

Merge pull request #553 from MITx/feature/bridger/new_wiki
Added SECURE_PROXY_SSL_HEADER to env/aws. Re-enabled wiki directories
b5c90166 · Calen Pennington · 24de1299 · 268a8744 · b5c90166 · b5c90166
Commit b5c90166 authored Aug 24, 2012 by Calen Pennington
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

lms/envs/aws.py
+6 -0

lms/templates/wiki/article.html
+0 -2

No files found.
--- a/lms/envs/aws.py
+++ b/lms/envs/aws.py
@@ -23,6 +23,12 @@ DEFAULT_FILE_STORAGE = 'storages.backends.s3boto.S3BotoStorage'
 MITX_FEATURES['ENABLE_DISCUSSION'] = False
 MITX_FEATURES['ENABLE_DISCUSSION_SERVICE'] = True

+# IMPORTANT: With this enabled, the server must always be behind a proxy that 
+# strips the header HTTP_X_FORWARDED_PROTO from client requests. Otherwise,
+# a user can fool our server into thinking it was an https connection.
+# See https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
+# for other warnings.
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

 ########################### NON-SECURE ENV CONFIG ##############################
 # Things like server locations, ports, etc.

--- a/lms/templates/wiki/article.html
+++ b/lms/templates/wiki/article.html
@@ -33,11 +33,9 @@
      </div>

      {% if urlpath %}
-      <!--
      <div class="see-children">
        <a href="{% url 'wiki:dir' path=urlpath.path %}">See all children</a>
      </div>
-      -->
      {% endif %}
    </div>
  </div>