Introduce safer_staticfiles app as user-friendly security measure for #260 (#261)

* Introduce safer_staticfiles app to ignore .py,.html as security measure. Docs up-to-date * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
2025-07-19 06:15:00 +00:00 · 2023-04-11 13:55:11 +02:00 · 2023-04-11 13:55:11 +02:00 · fa41387a53
commit fa41387a53
parent 2fa8b46936
5 changed files with 59 additions and 7 deletions
--- a/django_components/safer_staticfiles/apps.py
+++ b/django_components/safer_staticfiles/apps.py
@ -0,0 +1,18 @@
+from django.contrib.staticfiles.apps import StaticFilesConfig
+
+
+class SaferStaticFilesConfig(StaticFilesConfig):
+    """
+    Extend the `ignore_patterns` class attr of StaticFilesConfig to include Python
+    modules and HTML files.
+
+    When this class is registered as an installed app,
+    `$ ./manage.py collectstatic` will ignore .py and .html files,
+    preventing potentially sensitive backend logic from being leaked
+    by the static file server.
+    """
+
+    default = (
+        True  # Ensure that _this_ app is registered, as opposed to parent cls.
+    )
+    ignore_patterns = StaticFilesConfig.ignore_patterns + ["*.py", "*.html"]