Introduce safer_staticfiles app as user-friendly security measure for #260 (#261)

* Introduce safer_staticfiles app to ignore .py,.html as security measure. Docs up-to-date

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
adriaan 2023-04-11 13:55:11 +02:00 committed by GitHub
parent 2fa8b46936
commit fa41387a53
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 59 additions and 7 deletions


@ -19,18 +19,20 @@ DEBUG = True
ALLOWED_HOSTS = []
# Application definition
INSTALLED_APPS = [
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
# Replaced by django_components.safer_staticfiles as of v0.27:
# "django.contrib.staticfiles",
"django_components",
"django_components.safer_staticfiles",
"calendarapp",
]
# Application definition
MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
@ -122,11 +124,11 @@ USE_TZ = True
# https://docs.djangoproject.com/en/4.0/howto/static-files/
STATIC_URL = "static/"
STATICFILES_DIRS = [
BASE_DIR / "components",
]
STATICFILES_DIRS = [BASE_DIR / "components"]
# Default primary key field type
# https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field
DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
STATIC_ROOT = "staticfiles"
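Review bot: `STATICFILES_DIRS = [BASE_DIR / "components"]` publishes the directory that holds component source, and nothing at that line says that keeping `.py` and `.html` files out of the collected output depends on the `django_components.safer_staticfiles` entry in `INSTALLED_APPS` further up. I would add a comment above it such as `# Component .py/.html files live here; django_components.safer_staticfiles must stay in INSTALLED_APPS so collectstatic skips them.` The app's ignore list is not visible on this page, so it is worth confirming whether it also applies to files served by the development server, since this file sets `DEBUG = True`. Separately, `STATIC_ROOT = "staticfiles"` is resolved against the working directory of whoever runs collectstatic; `STATIC_ROOT = BASE_DIR / "staticfiles"` would anchor it the same way as `STATICFILES_DIRS`.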