Skip to content
Browse files

Merge pull request #42 from Osmose/deprecate-DOMAIN

Deprecate DOMAIN and PROTOCOL in favor of SITE_URL
  • Loading branch information...
2 parents a1c4cf0 + 4a641a5 commit cf83b260d82404bcd692b92e28a2908fa09f6a17 @tofumatt tofumatt committed Mar 5, 2012
Showing with 9 additions and 19 deletions.
  1. +4 −13 README.rst
  2. +5 −6 django_browserid/base.py
View
17 README.rst
@@ -42,23 +42,14 @@ Edit your ``urls.py`` file and add the following::
# ...
)
-You can also set the following config in ``settings.py``::
+You should also add the following in ``settings.py``::
# Note: No trailing slash
- SITE_URL = 'https://example.com'
+ SITE_URL = 'https://example.com:8000'
BrowserID uses an assertion and an audience to verify the user. This
-``SITE_URL`` is used to determine the audience. If you don't want to use
-SITE_URL or it is being used for another purpose, you can use PROTOCOL and
-DOMAIN, such as::
-
- PROTOCOL = 'https://'
- DOMAIN = 'example.com'
- # Optional
- PORT = 8001
-
-Either way, for security reasons, it is *very important* to set either SITE_URL
-or DOMAIN.
+``SITE_URL`` is used to determine the audience. For security reasons, it is
+*very important* that you set ``SITE_URL`` correctly.
You can also set the following optional config in ``settings.py``
(they have sensible defaults): ::
View
11 django_browserid/base.py
@@ -1,5 +1,6 @@
import logging
import urllib
+from warnings import warn
try:
import json
except ImportError:
@@ -55,15 +56,13 @@ def get_audience(request):
# If we don't define it explicitly
if not site_url:
- protocol = getattr(settings, 'PROTOCOL', req_proto)
- if not getattr(settings, 'DOMAIN'):
- log.warning('django-browserid WARNING you are missing '
- 'settings.SITE_URL. This is not a secure way '
- 'to verify assertions. Please fix me. '
- 'Setting domain to %s.' % req_domain)
+ warn('Using DOMAIN and PROTOCOL to specify your BrowserID audience is '
+ 'deprecated. Please use the SITE_URL setting instead.',
+ DeprecationWarning)
# DOMAIN is example.com req_domain is example.com:8001
domain = getattr(settings, 'DOMAIN', req_domain.split(':')[0])
+ protocol = getattr(settings, 'PROTOCOL', req_proto)
standards = {'https://': 443, 'http://': 80}
if ':' in req_domain:

0 comments on commit cf83b26

Please sign in to comment.
Something went wrong with that request. Please try again.