-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bugfix/Fix sslmode with custom sqlite path and on Heroku #189
Bugfix/Fix sslmode with custom sqlite path and on Heroku #189
Conversation
a3eb0e9
to
65f2420
Compare
Let me arrange the issue (it'll be a little bothering, but please forgive me because it is security matter). Problem User can not use non-SSL connection at the development environment. Cause
Solution We can overwrite database setting after import django_heroku
import dj_database_url
django_heroku.settings(locals())
# override DATABASE_URL set by django_heroku because it forces SSL mode locally
ssl_require = os.environ['ENV'] != 'development'
locals()['DATABASES']['default'] = dj_database_url.config(
conn_max_age=django_heroku.MAX_CONN_AGE, ssl_require=ssl_require) To use environment variable Can we use |
@icoxfog417 Thanks for the review. Calling As for using the |
@c-w Thank you for your hard work! To use Finally, let me confirm the code. ssl_require='sslmode' not in furl(env('DATABASE_URL', '')).args
So please add test code for |
@icoxfog417 You're correct. if I've added the new test case in 756fff8. |
Correct values can be found here: https://www.postgresql.org/docs/9.1/libpq-ssl.html
Thank you for your fix! |
Are there any obstacles to merge it, guys? |
Sorry for the late reply. We were confirming Heroku deploy 🏃. |
Everything works good, thanks! |
There is an issue in dj-database-url which always sets the sslmode even if the underlying engine doesn't support SSL. See also the conversation with @deltatree on #170 for more information.
There also is an issue in django-heroku which seems to always override sslmode=True. See also the conversation with @dveselov on #170 for more information.
This change implements a work-around for both behaviors.