date:20150701

[mezzanine-users] https or SSL redirect for whole site in Cartridge

2015-07-01 Thread vikraw

I was trying to configure SSL redirect for whole site using nginx.conf but 
was running into errors redirecting in ways that request will never be 
completed. After reading the mezzanine docs and django 
SECURE_PROXY_SSL_HEADER, I came with following way to enable SSL for whole 
site - the site pages are now being server over HTTPS but I am wary that it 
could creates big security holes as i change a default setting which is 
used in the SSLMiddleware logic by mezzanine. Here are my changes

In my projects 'settings.py' - set SSL_FORCED_PREFIXES_ONLY = False

modify 'nginx.conf' in deploy folder as follows

add following server block
server {
listen 80;
return 301 https://%(domains_nginx)s$request_uri;
}

modify default/provided server 
server {
### listen 
80; 
  
comment it out
listen 443 ssl;
proxy_set_headerX-Forwarded-Protocol
https;  set it to https
}


Approach - 2 - The Recommended way I saw was to add all of the major 
prefixes to following setting
SSL_FORCE_URL_PREFIXES 
   SSL_ENABLED = True

Any feedback on which one to use and why? I am not full aware of so many 
security options and protocols. I ran my site against QualSys - 
https://www.ssllabs.com/ssltest/analyze.html with the default 
fabric/cartridge deploy settings. The site gave a rating of C 
   

-- 
You received this message because you are subscribed to the Google Groups 
Mezzanine Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [mezzanine-users] Text processing code?

2015-07-01 Thread Brandon Keith Biggs


Hello Ken,
This doesn't look like what I want.
I am talking about inside MCE editor.
Where is the code that takes the text inside an edit field and does 
stuff with it?

thanks,

Brandon Keith Biggs http://www.brandonkeithbiggs.com/
On 7/1/2015 3:00 PM, Ken Bolton wrote:

Hi Brandon,

This question is not specific to Mezzanine. I believe you want to read 
up on Django's custom template tags 
https://docs.djangoproject.com/en/1.8/howto/custom-template-tags/. 
Let us know if that gets it done.


-ken

On Wed, Jul 1, 2015 at 2:39 AM, Brandon Keith Biggs 
brandonkeithbi...@gmail.com mailto:brandonkeithbi...@gmail.com wrote:


Hello,
I would like a way where I can check the code that is in the text
editor when it is submitted to be saved for blog and page text.
I would like to be able to place variables in my code without
creating a separate template for every page with the variables.
I have a variable as my age. So I would like it to update every
year. I would like to write something like:
[brandon_age]
or
{{brandon_age}}
and when my check finds the set of brakets like that, have it
check for a function or variable in a file and if it matches, show
the result. Where would I place this check?
thanks,

-- 
Brandon Keith Biggs http://www.brandonkeithbiggs.com/
-- 
You received this message because you are subscribed to the Google

Groups Mezzanine Users group.
To unsubscribe from this group and stop receiving emails from it,
send an email to mezzanine-users+unsubscr...@googlegroups.com
mailto:mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google 
Groups Mezzanine Users group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to mezzanine-users+unsubscr...@googlegroups.com 
mailto:mezzanine-users+unsubscr...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups Mezzanine 
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[mezzanine-users] TESTING, South, Django-Redirects, and OPTIONAL_APPS

2015-07-01 Thread shawn . vanittersum

When running manage.py test, Mezzanine's utils/conf.py automatically sets 
settings.TESTING = True. A few lines later, it forks based on the TESTING 
setting:

If TESTING is False, then South and OPTIONAL_APPS are added to 
INSTALLED_APPS.
If TESTING is True, then those apps are NOT added, and furthermore 
django.contrib.redirects is removed from INSTALLED_APPS.

1. What is the rationale for removing django.contrib.redirects during 
testing?
2. What is the rationale for removing South during testing?
3. Why aren't the optional apps loaded during testing?
4. How can we override or prevent these configurations?

Thanks,
Shawn

-- 
You received this message because you are subscribed to the Google Groups 
Mezzanine Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [mezzanine-users] https or SSL redirect for whole site in Cartridge

2015-07-01 Thread Josh Cartmell

I would redirect with nginx and then set SSL_FORCED_PREFIXES_ONLY,
https://github.com/stephenmcd/mezzanine/blob/master/mezzanine/core/defaults.py#L440,
to False in your settings.py file.  That way Mezzanine won't try to
redirect away from SSL ever.

Alternatively you could probably do this in your settings.py:
SSL_FORCE_URL_PREFIXES = ('/',)

Good luck!

On Wed, Jul 1, 2015 at 2:11 PM, vikraw vik...@gmail.com wrote:

 I was trying to configure SSL redirect for whole site using nginx.conf but
 was running into errors redirecting in ways that request will never be
 completed. After reading the mezzanine docs and django
 SECURE_PROXY_SSL_HEADER, I came with following way to enable SSL for whole
 site - the site pages are now being server over HTTPS but I am wary that it
 could creates big security holes as i change a default setting which is
 used in the SSLMiddleware logic by mezzanine. Here are my changes

 In my projects 'settings.py' - set SSL_FORCED_PREFIXES_ONLY = False

 modify 'nginx.conf' in deploy folder as follows

 add following server block
 server {
 listen 80;
 return 301 https://%(domains_nginx)s$request_uri;
 }

 modify default/provided server
 server {
 ### listen
 80;
 comment it out
 listen 443 ssl;
 proxy_set_headerX-Forwarded-Protocol
 https;  set it to https
 }


 Approach - 2 - The Recommended way I saw was to add all of the major
 prefixes to following setting
 SSL_FORCE_URL_PREFIXES
SSL_ENABLED = True

 Any feedback on which one to use and why? I am not full aware of so many
 security options and protocols. I ran my site against QualSys -
 https://www.ssllabs.com/ssltest/analyze.html with the default
 fabric/cartridge deploy settings. The site gave a rating of C


  --
 You received this message because you are subscribed to the Google Groups
 Mezzanine Users group.
 To unsubscribe from this group and stop receiving emails from it, send an
 email to mezzanine-users+unsubscr...@googlegroups.com.
 For more options, visit https://groups.google.com/d/optout.


-- 
You received this message because you are subscribed to the Google Groups 
Mezzanine Users group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mezzanine-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[mezzanine-users] https or SSL redirect for whole site in Cartridge

Re: [mezzanine-users] Text processing code?

[mezzanine-users] TESTING, South, Django-Redirects, and OPTIONAL_APPS

Re: [mezzanine-users] https or SSL redirect for whole site in Cartridge

4 matches

Site Navigation

Mail list logo

Footer information