altf4arnold/datatracker
1
0
Fork 0
Code Issues Pull requests Actions 4 Packages Projects Releases Wiki Activity

chore: config gunicorn secure_scheme_headers (#8632)

Browse source 
* chore: config gunicorn secure_scheme_headers

* chore: typo in comment
This commit is contained in:
Jennifer Richards 2025-03-03 14:51:14 -04:00 committed by GitHub
parent cb8ef96f36
commit 232a861f8a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
dev/build/gunicorn.conf.py
View file

@ -1,5 +1,11 @@
# Copyright The IETF Trust 2024, All Rights Reserved
# Configure security scheme headers for forwarded requests. Cloudflare sets X-Forwarded-Proto
# for us. Don't trust any of the other similar headers. Only trust the header if it's coming
# from localhost, as all legitimate traffic will reach gunicorn via co-located nginx.
secure_scheme_headers = {"X-FORWARDED-PROTO": "https"}
forwarded_allow_ips = "127.0.0.1, ::1" # this is the default
# Log as JSON on stdout (to distinguish from Django's logs on stderr)
#
# This is applied as an update to gunicorn's glogging.CONFIG_DEFAULTS.