mirror of
https://github.com/django-components/django-components.git
synced 2025-07-24 08:43:43 +00:00
fa41387a53
* Introduce safer_staticfiles app to ignore .py,.html as security measure. Docs up-to-date * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
18 lines
643 B
Python
18 lines
643 B
Python
from django.contrib.staticfiles.apps import StaticFilesConfig
|
|
|
|
|
|
class SaferStaticFilesConfig(StaticFilesConfig):
|
|
"""
|
|
Extend the `ignore_patterns` class attr of StaticFilesConfig to include Python
|
|
modules and HTML files.
|
|
|
|
When this class is registered as an installed app,
|
|
`$ ./manage.py collectstatic` will ignore .py and .html files,
|
|
preventing potentially sensitive backend logic from being leaked
|
|
by the static file server.
|
|
"""
|
|
|
|
default = (
|
|
True # Ensure that _this_ app is registered, as opposed to parent cls.
|
|
)
|
|
ignore_patterns = StaticFilesConfig.ignore_patterns + ["*.py", "*.html"]
|