Rename "tls" config-flag to "needs_tls"

Uninett · Feb 27, 2024 · 57dd64d · 57dd64d
1 parent 0e1330b
commit 57dd64d
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 5 deletions.
diff --git a/python/nav/django/settings.py b/python/nav/django/settings.py
@@ -259,13 +259,13 @@
 # * https://docs.djangoproject.com/en/3.2/ref/clickjacking/
 # Example conf:
 #  [security]
-#  ssl = on
+#  needs_ssl = yes
 
 SECURE_BROWSER_XSS_FILTER = True  # Does no harm
 
 _websecurity_config = WebSecurityConfigParser()
-_tls_enabled = bool(_websecurity_config.getboolean('security', 'tls'))
-SESSION_COOKIE_SECURE = _tls_enabled
+_needs_tls = bool(_websecurity_config.getboolean('security', 'needs_tls'))
+SESSION_COOKIE_SECURE = _needs_tls
 
 # Hack for hackers to use features like debug_toolbar etc.
 # https://code.djangoproject.com/wiki/SplitSettings (Rob Golding's method)

diff --git a/python/nav/etc/webfront/webfront.conf b/python/nav/etc/webfront/webfront.conf
@@ -132,4 +132,7 @@ enabled = no
 #post-logout-redirect-url=/magic/logout?nexthop=/
 
 [security]
-# tls = off
+# Whether NAV must be run under TLS or not. Toggling this to `yes` toggles web
+# security features that are only available with TLS/SSL enabled. In
+# development mode this defaults to `no`.
+# needs_tls = no
diff --git a/python/nav/web/security.py b/python/nav/web/security.py
@@ -7,5 +7,5 @@ class WebSecurityConfigParser(NAVConfigParser):
     DEFAULT_CONFIG_FILES = [str(Path('webfront') / 'webfront.conf')]
     DEFAULT_CONFIG = u"""
 [security]
-tls=off
+needs_tls=no
 """