Cleaning and fixing security issues #95
Merged
lebaudantoine changed the title from "[Wip] clean projects and logs" to "Cleaning and fixing security issues" on Aug 5, 2024
sampaccoud reviewed on Aug 7, 2024
Room model uses a default value for its configuration. However, I used a wrong default value; it should be a callable. Align the code with Magnify.
Some outdated references to Terraform and OpenStack were missed during the project quickstart. These are legacy elements inherited from OpenFun. This commit cleans up the codebase.
Silenced certain Django security warnings because the application is served behind a reverse proxy. These warnings are not applicable in our deployment context, where the reverse proxy handles these security concerns. This change ensures relevant security measures are appropriately managed while avoiding unnecessary warnings. Any question? asked @rouja. /!\ actually, this commit is not working, and should be fixed.
Updated the liveness and readiness probes interval from every 10 seconds to every 30 seconds. This change reduces the load on the server by decreasing the frequency of health checks. Given the current stability of the application, a 30-second interval is sufficient to ensure that the application remains responsive and healthy.
A few scripts were duplicated between the scripts and the bin folders. Reorganize the scripts in a common folder, and align filenames to follow the same rule.
Updated Django's ALLOWED_HOSTS setting from '*' to the specific host of the server. Setting ALLOWED_HOSTS to '*' is a security risk as it allows any host to access the application, potentially exposing it to malicious attacks. Restricting ALLOWED_HOSTS to the server's host ensures only legitimate requests are processed. In a Kubernetes environment, we also needed to whitelist the pod's IP address to allow health checks to pass. This ensures that Kubernetes liveness and readiness probes can access the application to verify its health.
Addressed missing migrations for the user's language field, ensuring recent updates are correctly applied.
Purpose
General cleanup and fixing a few issues.
Proposal
These changes are intended to improve the codebase and resolve several issues. The commit 04f1198 is still not working. I need to pair program with @sampaccoud to address these issues.
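
The ALLOWED_HOSTS commit above, sketched as an added example (not code from this pull request): an explicit allow-list built from the environment plus the pod's own IP, which is the Host value kubelet HTTP probes send by default. The variable names `DJANGO_ALLOWED_HOSTS` and `POD_IP`, the sample hosts, and the simplified matcher standing in for Django's own host check are assumptions.

```python
import ipaddress

# Constructed sample environment. DJANGO_ALLOWED_HOSTS and POD_IP are assumed
# variable names; POD_IP would come from the Downward API (status.podIP).
SAMPLE_ENV = {"DJANGO_ALLOWED_HOSTS": "meet.example.org", "POD_IP": "10.42.0.17"}


def build_allowed_hosts(env):
    """Build an explicit allow-list: public host(s) plus this pod's own IP."""
    raw = env.get("DJANGO_ALLOWED_HOSTS", "")
    hosts = [h.strip().lower() for h in raw.split(",") if h.strip()]
    if not hosts:
        raise ValueError("DJANGO_ALLOWED_HOSTS must name at least one host")
    if "*" in hosts:
        raise ValueError("'*' turns Host header validation off")
    pod_ip = env.get("POD_IP", "").strip()
    if pod_ip:
        # Accept only a literal address, never a name or pattern.
        addr = ipaddress.ip_address(pod_ip)  # raises ValueError if malformed
        hosts.append(f"[{addr}]" if addr.version == 6 else str(addr))
    return hosts


def host_of(header):
    """Strip the port from a Host header value; IPv6 literals keep brackets."""
    header = header.strip().lower()
    if header.startswith("["):
        end = header.find("]")
        return header[: end + 1] if end != -1 else ""
    return header.partition(":")[0].rstrip(".")


def host_allowed(header, allowed):
    """Simplified stand-in for the framework's check: exact or '.domain' match."""
    host = host_of(header)
    for pattern in allowed:
        if pattern.startswith("."):
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


if __name__ == "__main__":
    allowed = build_allowed_hosts(SAMPLE_ENV)
    for header in ("meet.example.org", "10.42.0.17:8000", "evil.example.net"):
        print(f"{header:20} -> {'accepted' if host_allowed(header, allowed) else 'rejected'}")
```

Adding only the pod's own address keeps the probe path working without reopening the allow-list to a whole pod CIDR or to `'*'`.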