Skip to content

Move CSP and HSTS definitions to settings.py#760

Merged
cduhn17 merged 8 commits intodevelopfrom
AL-fix-checkmarx
Jan 15, 2025
Merged

Move CSP and HSTS definitions to settings.py#760
cduhn17 merged 8 commits intodevelopfrom
AL-fix-checkmarx

Conversation

@aloftus23
Copy link
Contributor

@aloftus23 aloftus23 commented Jan 15, 2025
edited
Loading

🗣 Description

Move CSP and HSTS definitions to settings.py.

This allows security definitions to be more centralized in one location and follows Django standards.

Also the remediates the Checkmarx medium vulnerability in settings.py. This was a false positive, but it did lead us to the idea that these definitions should be in settings.py.

💭 Motivation and context

Medium Checkmarx vulnerability and cleanup.

🧪 Testing

Passes pre-commit checks and pytests.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All future TODOs are captured in issues, which are referenced
    in code comments.
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated
    to reflect the changes in this PR.
  • Tests have been added and/or modified to cover the changes in this PR.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Revert dependencies to default branches.
  • Finalize version.

✅ Post-merge checklist

  • Create a release.

@aloftus23 aloftus23 self-assigned this Jan 15, 2025
cduhn17
cduhn17 approved these changes Jan 15, 2025
View reviewed changes
Copy link
Collaborator

@cduhn17 cduhn17 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good will be nice to have all of this centralized at settings.py

@aloftus23 aloftus23 marked this pull request as ready for review January 15, 2025 17:48
@cduhn17 cduhn17 merged commit 749baff into develop Jan 15, 2025
@cduhn17 cduhn17 deleted the AL-fix-checkmarx branch January 15, 2025 17:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cduhn17 cduhn17 cduhn17 approved these changes

@Matthew-Grayson Matthew-Grayson Awaiting requested review from Matthew-Grayson

@nickviola nickviola Awaiting requested review from nickviola nickviola is a code owner

@rapidray12 rapidray12 Awaiting requested review from rapidray12 rapidray12 is a code owner

@schmelz21 schmelz21 Awaiting requested review from schmelz21 schmelz21 is a code owner

Assignees

@aloftus23 aloftus23

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aloftus23 @cduhn17