Skip to content

Security & Authentication Parameters

USE_X_FORWARDED_HOST

Default: True

Use the X-Forwarded-Host header in preference to the Host header. This should only be enabled if a proxy which sets this header is in use.

SECURE_PROXY_SSL_HEADER

Default: ("HTTP_X_FORWARDED_PROTO", "https")

Parse defined header to let Django know that HTTPS is being used. This way e.g. generated API URLs will have the corresponding https:// prefix.

Use SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") to check for https value in X-Forwarded-Proto header.

CORS_ORIGIN_ALLOW_ALL

Default: False

If True, cross-origin resource sharing (CORS) requests will be accepted from all origins. If False, a whitelist will be used (see below).

CORS_ORIGIN_WHITELIST

CORS_ORIGIN_REGEX_WHITELIST

These settings specify a list of origins that are authorized to make cross-site API requests. Use CORS_ORIGIN_WHITELIST to define a list of exact hostnames, or CORS_ORIGIN_REGEX_WHITELIST to define a set of regular expressions. (These settings have no effect if CORS_ORIGIN_ALLOW_ALL is True). For example:

CORS_ORIGIN_WHITELIST = [
    'https://example.com',
]

Default: csrftoken

The name of the cookie to use for the cross-site request forgery (CSRF) authentication token. See the Django documentation for more detail.

Default: False

If true, the cookie employed for cross-site request forgery (CSRF) protection will be marked as secure, meaning that it can only be sent across an HTTPS connection.

CSRF_TRUSTED_ORIGINS

Default: []

Defines a list of trusted origins for unsafe (e.g. POST) requests. This is a pass-through to Django's CSRF_TRUSTED_ORIGINS setting. Note that each host listed must specify a scheme (e.g. http:// or https://).

CSRF_TRUSTED_ORIGINS = (
    'http://peering-manager.local',
    'https://peering-manager.local',
)

LOGIN_REQUIRED

Default: False

Setting this to True will permit only authenticated users to access any part of Peering Manager. By default, anonymous users are permitted to access most data in Peering Manager but not make any changes.