Website backend: Changed debug to .env value #4309

Open
wants to merge 1 commit into
base: staging
3 changes: 1 addition & 2 deletions src/website/core/settings.py
Expand Up @@ -50,8 +50,7 @@ def require_env_var(env_var: str) -> str:
# Core Settings
# ---------------------------------------------------------
SECRET_KEY = require_env_var('SECRET_KEY')
# DEBUG = get_env_bool('DEBUG', default=False)
DEBUG = True
DEBUG = get_env_bool('DEBUG', default=False)
Contributor

💡 Codebase verification

Update .env.sample documentation for DEBUG setting

The .env.sample file currently sets DEBUG=True without any explanation. While this is convenient for development, it should include a clear warning about production deployments. Please add a comment:

# Development only! Set DEBUG=False in production for security
DEBUG=True
🔗 Analysis chain

Excellent security improvement!

Moving from hardcoded DEBUG=True to environment variable control with secure defaults is a significant improvement. This change follows Django best practices and the 12-factor app methodology.

Please ensure the .env.example file is updated to include:

DEBUG=False  # Set to True for local development

Run this script to verify the documentation:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if DEBUG is documented in .env.example
fd -t f ".env.example" -x grep -l "DEBUG="

Length of output: 40


Script:

#!/bin/bash
# Search for any environment-related files and documentation
echo "=== Environment Files ==="
fd -t f "^\.env" || true

echo -e "\n=== Documentation Files ==="
fd -t f "^README|^CONTRIBUTING|^DEVELOPMENT|^ENV" -i || true

echo -e "\n=== Checking Documentation Content ==="
fd -t f "^README|^CONTRIBUTING|^DEVELOPMENT|^ENV" -i -x grep -l "DEBUG" || true

Length of output: 2183


Script:

#!/bin/bash
# Search specifically in website directory with hidden files
echo "=== Website Environment Files ==="
fd -H -t f "^\.env" src/website || true

echo -e "\n=== Website Config Files ==="
fd -t f . src/website/config || true

echo -e "\n=== Website README Content ==="
cat src/website/README.md || true

Length of output: 465


Script:

#!/bin/bash
# Check content of .env.sample file
echo "=== .env.sample Content ==="
cat src/website/.env.sample | grep -i "debug" -A 1 -B 1 || true

Length of output: 228


ALLOWED_HOSTS = parse_env_list('ALLOWED_HOSTS', default='localhost,127.0.0.1')
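Review bot: On the new `DEBUG = get_env_bool('DEBUG', default=False)` line, the default only covers the case where the variable is absent; how `get_env_bool` handles a value it does not recognise is not visible in this hunk. Please confirm it accepts a fixed set of true strings and otherwise returns False or raises, so a typo or stray value in the environment cannot turn debug on. The review comment above also reports that .env.sample sets `DEBUG=True`, so a deployment created by copying the sample will still run with debug enabled; the sample value, or a comment beside it, should be updated in this same PR.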
