Merge pull request #177 from CogitoNTNU/development

build: Update DEBUG setting in settings.py and docker-compose.yml and…

.github/workflows/ci.yml

@@ -16,6 +16,7 @@ jobs:
       - name: Build docker image and run tests
         env:
           DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }}
+          DEBUG: "True"
         run: |
           docker compose build
           docker compose run cogito python manage.py makemigrations

cogito/settings.py

@@ -27,7 +27,7 @@
 SECRET_KEY = os.getenv("DJANGO_SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = os.getenv("DEBUG", False)
+DEBUG = os.getenv("DEBUG", "False") == "True"
 
 ALLOWED_HOSTS = [
     "backend.cogito-ntnu.no",
@@ -89,7 +89,21 @@
     },
 ]
 
-WSGI_APPLICATION = "cogito.wsgi.application"
+# HTTPS settings applied only in production
+if not DEBUG:
+    print("Running in production mode", flush=True)
+    SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+    SECURE_SSL_REDIRECT = True
+    CSRF_COOKIE_SECURE = True
+    SESSION_COOKIE_SECURE = True
+else:
+    # Development-only settings
+    # Disable secure headers and redirections
+    print("Running in development mode", flush=True)
+    SECURE_PROXY_SSL_HEADER = None
+    SECURE_SSL_REDIRECT = False
+    CSRF_COOKIE_SECURE = False
+    SESSION_COOKIE_SECURE = False
 
 # Database
 # https://docs.djangoproject.com/en/3.2/ref/settings/#databases

docker-compose.yml

@@ -11,7 +11,7 @@ services:
     depends_on:
       - db
     environment:
-      - DEBUG=True
+      - DEBUG
       - EMAIL_HOST_USER
       - EMAIL_HOST_PASSWORD
       - DJANGO_SECRET_KEY