Coverage for /Users/davegaeddert/Development/dropseed/plain/plain/plain/runtime/global_settings.py: 100%

43 statements  


1""" 

2Default Plain settings. Override these with settings in the module pointed to 

3by the PLAIN_SETTINGS_MODULE environment variable. 

4""" 

5from pathlib import Path 

6 

7from plain.runtime import APP_PATH as default_app_path 

8 

####################
#       CORE       #
####################

# Debug mode is off by default; a project's own settings module has to opt in.
# NOTE(review): what DEBUG changes at runtime is not visible in this module.
# Until confirmed, treat it as a development-only switch and keep it False in
# production.
DEBUG: bool = False

14 

# A path named ".plain" in the parent directory of the app path (APP_PATH).
PLAIN_TEMP_PATH: Path = default_app_path.parent.joinpath(".plain")

16 

# Host and domain names that are valid for this site.
#   "*"             matches anything
#   ".example.com"  matches example.com and all of its subdomains
# The default is an empty list. Prefer exact names over "*": the wildcard
# accepts whatever Host header the client chooses to send.
ALLOWED_HOSTS: list[str] = []

# Local time zone for this installation, interpreted as the default user time
# zone. Valid names are listed at
# https://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# (not every system supports every entry).
TIME_ZONE: str = "UTC"

# Charset applied to Response objects when no MIME type is given explicitly.
# It is used to build the Content-Type header.
DEFAULT_CHARSET = "utf-8"

# Installed packages, as a list of strings.
INSTALLED_PACKAGES: list[str] = []

# Append a trailing slash to URLs when enabled.
APPEND_SLASH = True

36 

# Headers added to every response by default.
#
# Content-Security-Policy and Strict-Transport-Security appear below only as
# commented-out examples, so neither is part of the default header set. A
# project that wants them has to supply them in its own settings.
DEFAULT_RESPONSE_HEADERS = {
    # "Content-Security-Policy": "default-src 'self'",
    # https://hstspreload.org/
    # The HSTS example covers all subdomains and requests preloading; check
    # that every subdomain serves HTTPS before enabling it.
    # "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload",
    # Keep cross-origin openers out of this page's browsing context group.
    "Cross-Origin-Opener-Policy": "same-origin",
    # Send the Referer header on same-origin requests only.
    "Referrer-Policy": "same-origin",
    # Tell browsers not to MIME-sniff away from the declared Content-Type.
    "X-Content-Type-Options": "nosniff",
    # Forbid rendering responses inside frames (clickjacking defence).
    "X-Frame-Options": "DENY",
}

47 

# Redirect all non-HTTPS requests to HTTPS when enabled (on by default).
HTTPS_REDIRECT_ENABLED = True
# NOTE(review): the entry format for EXEMPT and the exact role of HOST are not
# shown in this module. Presumably they are exemptions from the redirect and an
# alternate redirect target host; confirm against the code that reads them.
HTTPS_REDIRECT_EXEMPT = []
HTTPS_REDIRECT_HOST = None

# Trusting a proxy's "this connection was secure" header.
#
# Set this to a (header_name, header_value) tuple only when BOTH hold:
#   1. the app sits behind a proxy that sets that header for secure
#      connections, and
#   2. the proxy ignores any user-submitted header of the same name, so that
#      clients cannot spoof it.
# Every request arriving with that header/value makes request.is_https()
# return True.
#
# WARNING! Only set this if you fully understand what you're doing. Otherwise,
# you may be opening yourself up to a security risk.
HTTPS_PROXY_HEADER = None

# Use the X-Forwarded-Host / X-Forwarded-Port request headers when working out
# the request's host and port. Both are off by default. Enable them only behind
# a proxy that sets or overwrites these headers; otherwise the values come
# straight from the client.
USE_X_FORWARDED_HOST = False
USE_X_FORWARDED_PORT = False

66 

# Secret key for this particular Plain installation, used in secret-key hashing
# algorithms. It is declared without a default: set it in your settings, or
# Plain will complain loudly. Keep the real value out of version control.
SECRET_KEY: str

# Additional secret keys used to verify the validity of signatures, which is
# what allows secret key rotation. Every key listed here is still used for
# verification, so remove retired keys once rotation is complete.
SECRET_KEY_FALLBACKS: list[str] = []

# Dotted module path of the root URL configuration.
ROOT_URLCONF = "app.urls"

77 

# Upload handler classes, applied in the order listed.
FILE_UPLOAD_HANDLERS = [
    "plain.internal.files.uploadhandler.MemoryFileUploadHandler",
    "plain.internal.files.uploadhandler.TemporaryFileUploadHandler",
]

# The four limits below bound how much of a request is read into memory or
# parsed. Raising them lets a single request consume more resources.

# Size in bytes above which a request is streamed to the file system instead
# of being held in memory.
FILE_UPLOAD_MAX_MEMORY_SIZE = 5 * 1024 * 1024 // 2  # i.e. 2.5 MB (2621440)

# Upper bound in bytes on request data (file uploads excluded) that is read
# before a SuspiciousOperation (RequestDataTooBig) is raised.
DATA_UPLOAD_MAX_MEMORY_SIZE = 5 * 1024 * 1024 // 2  # i.e. 2.5 MB (2621440)

# Upper bound on the number of GET/POST parameters read before a
# SuspiciousOperation (TooManyFieldsSent) is raised.
DATA_UPLOAD_MAX_NUMBER_FIELDS = 1000

# Upper bound on the number of files in a multipart upload read before a
# SuspiciousOperation (TooManyFilesSent) is raised.
DATA_UPLOAD_MAX_NUMBER_FILES = 100

# Directory where streamed uploads are saved temporarily. `None` makes Plain
# use the operating system's default temporary directory (i.e. "/tmp" on *nix
# systems), which other local users and processes also use.
FILE_UPLOAD_TEMP_DIR = None

# User-defined overrides for error views, keyed by status code.
# NOTE(review): `dict[int]` gives only the key type, whereas a dict annotation
# normally names both key and value types. The value type is not visible in
# this module, so the annotation is left exactly as written.
HTTP_ERROR_VIEWS: dict[int] = {}

107 

##############
# MIDDLEWARE #
##############

# Middleware to use. Order is important: during the request phase the entries
# run in the order given, and during the response phase they run in reverse
# order. Reordering can therefore change which checks see a request first.
MIDDLEWARE: list[str] = []

116 

###########
# SIGNING #
###########

# Dotted path of the signer used for signed cookies.
# NOTE(review): the class name suggests timestamped signatures; confirm the
# behaviour in plain.signing, which is not shown here.
COOKIE_SIGNING_BACKEND = "plain.signing.TimestampSigner"

122 

########
# CSRF #
########

# Settings for the CSRF cookie.
CSRF_COOKIE_NAME = "csrftoken"
# 52 weeks; presumably interpreted as seconds (31449600) - confirm.
CSRF_COOKIE_AGE = 52 * 7 * 24 * 60 * 60
CSRF_COOKIE_DOMAIN = None
CSRF_COOKIE_PATH = "/"
# Presumably maps to the cookie's Secure attribute, which limits the cookie to
# HTTPS. Confirm how it behaves for local development over plain HTTP.
CSRF_COOKIE_SECURE = True
# Left off by default. NOTE(review): presumably so that client-side script can
# read the token and send it back in the CSRF header; confirm before changing.
CSRF_COOKIE_HTTPONLY = False
CSRF_COOKIE_SAMESITE = "Lax"
# NOTE(review): looks like the WSGI-environ spelling of an "X-CSRFToken"
# request header; confirm against the code that reads it.
CSRF_HEADER_NAME = "HTTP_X_CSRFTOKEN"
# Empty by default. Each origin added here is trusted for CSRF purposes, so
# keep the list as short as possible.
CSRF_TRUSTED_ORIGINS: list[str] = []

137 

###########
# LOGGING #
###########

# Custom logging configuration; empty by default.
# NOTE(review): the expected schema is not shown in this module.
LOGGING = {}

144 

###############
#    ASSETS   #
###############

# Redirect requests for an asset's original path to its fingerprinted path.
ASSETS_REDIRECT_ORIGINAL = True

# Prefix for asset paths when assets are served by a CDN.
# Ex. "https://cdn.example.com/assets/"
# Whatever origin is named here serves the site's assets, so use only a CDN
# you control or trust.
ASSETS_BASE_URL: str = ""

155 

####################
# PREFLIGHT CHECKS #
####################

# Issues generated by system checks that should be silenced.
#   - Light issues (warnings, infos, debugs) will not generate a message.
#   - Serious issues (errors, criticals) still show their message, but Plain
#     will not stop you from e.g. running the server.
# Silencing a serious check removes the guard, not the underlying problem, so
# review additions to this list as carefully as code changes.
SILENCED_PREFLIGHT_CHECKS = []

165 

#############
# Templates #
#############

# Dotted paths, given as strings, for the Jinja loader and for the callable
# that builds the default Jinja environment.
# NOTE(review): how and when these paths are resolved is not shown in this
# module. Values here presumably name code that gets imported, so they should
# come from trusted settings only.
JINJA_LOADER = "jinja2.loaders.FileSystemLoader"
JINJA_ENVIRONMENT = "plain.templates.jinja.defaults.create_default_environment"