From a29f49b9db8d52943da35168e4fc954152c7fb4a Mon Sep 17 00:00:00 2001
From: Boris Goldowsky
Date: Wed, 20 May 2020 17:18:44 -0400
Subject: [PATCH] CSL-109: revert HTTPS-only settings for now.

At the moment we have no easy way to redirect http to https on the live site. See https://github.com/kubernetes/ingress-gce/issues/1075 Until this is fixed, moved HTTPS-only settings to separate settings_https file.
---
 src/clusive_project/settings_https.py | 48 +++++++++++++++++++++++++++
 src/clusive_project/settings_prod.py  |  7 ----
 2 files changed, 48 insertions(+), 7 deletions(-)
 create mode 100644 src/clusive_project/settings_https.py

diff --git a/src/clusive_project/settings_https.py b/src/clusive_project/settings_https.py
new file mode 100644
index 000000000..2cfa53920
--- /dev/null
+++ b/src/clusive_project/settings_https.py
@@ -0,0 +1,48 @@
+"""
+Django settings that require HTTPS only.
+"""
+import os
+
+# SECURITY WARNING: keep the secret key used in production secret!
+# Key not set here; must be set from environment variable.
+SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY')
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = False
+
+# Require HTTPS and secure cookies
+SECURE_SSL_REDIRECT = True
+CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_SECURE = True
+
+#######################
+# SECURITY MIDDLEWARE #
+#######################
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+
+
+
+ALLOWED_HOSTS = ['clusive.cast.org',
+                 'clusive.qa.cast.org',
+                 'cisl-demo.qa.cast.org',
+                 'localhost',
+                 '127.0.0.1',
+                 '10.*',
+                 '[::1]']
+
+
+# Database
+# https://docs.djangoproject.com/en/2.2/ref/settings/#databases
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': os.environ.get('DJANGO_DB_NAME', 'clusive'),
+        'USER': os.environ.get('DJANGO_DB_USER', 'user'),
+        'PASSWORD': os.environ.get('DJANGO_DB_PASSWORD', 'password'),
+        'HOST': os.environ.get('DJANGO_DB_HOST', '127.0.0.1'),
+        'PORT': os.environ.get('DJANGO_DB_PORT', '5432'),
+        'CONN_MAX_AGE': 60,
+    }
+}
diff --git a/src/clusive_project/settings_prod.py b/src/clusive_project/settings_prod.py
index 46c5c1b9c..294561df7 100644
--- a/src/clusive_project/settings_prod.py
+++ b/src/clusive_project/settings_prod.py
@@ -1,7 +1,6 @@
 """
 Django settings for Clusive PRODUCTION and QA servers.
 This file is read when the DJANGO_CONFIG environment variable is set to "prod".
-HTTPS is REQUIRED with these settings.
 """
 import os
 
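Review bot: `SECURE_SSL_REDIRECT = True` is set with no `SECURE_PROXY_SSL_HEADER`, so if TLS is terminated at the GCE ingress the commit message refers to, Django will see every request as plain HTTP and redirect it back to itself in a loop; when this file is re-enabled it should also declare `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')`, which is only safe if the ingress overwrites that header on every inbound request rather than passing a client-supplied value through. The `DATABASES` block silently falls back to `'user'`/`'password'` when `DJANGO_DB_USER`/`DJANGO_DB_PASSWORD` are unset, which in a production profile hides a missing secret behind a guessable credential; make these fail loudly, in the spirit of the "must be set from environment variable" comment above `SECRET_KEY`, e.g. `'PASSWORD': os.environ['DJANGO_DB_PASSWORD'],`. Also, `'10.*'` in `ALLOWED_HOSTS` is not a pattern Django expands — only `'*'` and leading-dot domain suffixes are special — so it matches nothing and requests with a 10.x `Host` header will still be rejected with a 400; either drop it or list the actual internal hosts.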
@@ -12,11 +11,6 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
 
-# Secure cookies mean that HTTPS is REQUIRED for this profile.
-# This avoids the possibility of a session getting hijacked by someone seeing the cookies.
-CSRF_COOKIE_SECURE = True
-SESSION_COOKIE_SECURE = True
-
 #######################
 # SECURITY MIDDLEWARE #
 #######################
@@ -24,7 +18,6 @@
 SECURE_CONTENT_TYPE_NOSNIFF = True
 
 
-
 ALLOWED_HOSTS = ['clusive.cast.org',
                  'clusive.qa.cast.org',
                  'cisl-demo.qa.cast.org',