
Add the ability to configure HSTS in NetBox #15644

Closed
sarhaynes opened this issue Apr 5, 2024 · 1 comment · Fixed by #15683
Labels
status: accepted This issue has been accepted for implementation type: feature Introduction of new functionality to the application

Comments


sarhaynes commented Apr 5, 2024

NetBox version

v3.7.3

Feature type

New functionality

Proposed functionality

Currently NetBox does not have configuration entries for HSTS. In order to enable this security feature it is necessary to set the following Django settings (see https://docs.djangoproject.com/en/5.0/ref/middleware/#http-strict-transport-security).

The recommended change to settings.py:

SECURE_HSTS_SECONDS = getattr(configuration, 'SECURE_HSTS_SECONDS', 0)
SECURE_HSTS_INCLUDE_SUBDOMAINS = getattr(configuration, 'SECURE_HSTS_INCLUDE_SUBDOMAINS', False)
SECURE_HSTS_PRELOAD = getattr(configuration, 'SECURE_HSTS_PRELOAD', False)

Use case

Add the ability to enable HSTS in configuration.py.

Database changes

None

External dependencies

None
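The three settings above are only the inputs; what an operator actually needs to verify is the header that comes out. The following is an added example, not code from NetBox or Django: it reproduces the mapping Django's SecurityMiddleware applies (max-age from SECURE_HSTS_SECONDS, then the optional includeSubDomains and preload directives, and no header at all when the seconds value is 0), and adds a small checker for a header value captured from a running instance. The names HstsPolicy, load_policy, hsts_header, check_hsts and ONE_YEAR are this example's own, and the configuration objects are constructed stand-ins for NetBox's configuration.py.

```python
"""Added example (not NetBox's or Django's own code).

Shows how the three SECURE_HSTS_* settings proposed in the issue turn into
the Strict-Transport-Security header that Django's SecurityMiddleware adds
to HTTPS responses, plus a checker for a header value captured from a
running instance. The `configuration` objects are constructed stand-ins
for NetBox's configuration.py.
"""
from dataclasses import dataclass
from types import SimpleNamespace
from typing import Dict, List, Optional

ONE_YEAR = 31536000  # minimum max-age (seconds) hstspreload.org accepts for preloading


@dataclass(frozen=True)
class HstsPolicy:
    seconds: int = 0
    include_subdomains: bool = False
    preload: bool = False


def load_policy(configuration) -> HstsPolicy:
    """Mirror the getattr() defaults from the issue: a setting absent from
    configuration.py leaves HSTS off (max-age 0 makes Django send no header)."""
    return HstsPolicy(
        seconds=int(getattr(configuration, "SECURE_HSTS_SECONDS", 0)),
        include_subdomains=bool(getattr(configuration, "SECURE_HSTS_INCLUDE_SUBDOMAINS", False)),
        preload=bool(getattr(configuration, "SECURE_HSTS_PRELOAD", False)),
    )


def hsts_header(policy: HstsPolicy) -> Optional[str]:
    """Header value SecurityMiddleware emits on a response it treats as secure
    (request.is_secure() is true); None when SECURE_HSTS_SECONDS is 0."""
    if policy.seconds <= 0:
        return None
    value = f"max-age={policy.seconds}"
    if policy.include_subdomains:
        value += "; includeSubDomains"
    if policy.preload:
        value += "; preload"
    return value


def check_hsts(header_value: Optional[str], min_age: int = ONE_YEAR,
               require_subdomains: bool = True) -> List[str]:
    """Review a captured Strict-Transport-Security value (e.g. from
    `curl -sI https://netbox.example/`) against a one-year baseline.
    Returns a list of findings; an empty list means the header passes."""
    if not header_value:
        return ["no Strict-Transport-Security header: HSTS is off "
                "(SECURE_HSTS_SECONDS left at 0, or the response was not served as HTTPS)"]
    # RFC 6797 directives are case-insensitive and unordered, so parse them all.
    directives: Dict[str, str] = {}
    for part in header_value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.lower()] = val.strip()
    if not directives.get("max-age", "").isdigit():
        return [f"malformed header, max-age missing or non-numeric: {header_value!r}"]
    max_age = int(directives["max-age"])
    findings: List[str] = []
    if max_age < min_age:
        findings.append(f"max-age={max_age} is below the {min_age}s baseline")
    if require_subdomains and "includesubdomains" not in directives:
        findings.append("includeSubDomains missing: subdomains can still be downgraded to HTTP")
    if "preload" in directives and (max_age < ONE_YEAR or "includesubdomains" not in directives):
        findings.append("preload is set but the preload list also requires "
                        "max-age >= 1 year and includeSubDomains")
    return findings


if __name__ == "__main__":
    # Constructed stand-ins for configuration.py: the defaults (HSTS off) and a hardened one.
    default_cfg = SimpleNamespace()
    hardened_cfg = SimpleNamespace(SECURE_HSTS_SECONDS=ONE_YEAR,
                                   SECURE_HSTS_INCLUDE_SUBDOMAINS=True,
                                   SECURE_HSTS_PRELOAD=True)
    for name, cfg in (("default", default_cfg), ("hardened", hardened_cfg)):
        header = hsts_header(load_policy(cfg))
        print(f"{name}: Strict-Transport-Security: {header}")
        print("  findings:", check_hsts(header) or "none")
```

Two caveats worth keeping in mind when turning this on. Django adds the header only to responses where request.is_secure() is true, so behind a TLS-terminating reverse proxy (the usual NetBox deployment) SECURE_PROXY_SSL_HEADER must also be configured, otherwise the header never appears no matter what SECURE_HSTS_SECONDS is set to; checking the live response with `curl -sI` is the reliable test. And roll out in stages: a short max-age first to confirm nothing under the domain is HTTP-only, then the one-year value, and only then preload, since a preloaded entry is hard to withdraw.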

@sarhaynes sarhaynes added status: needs triage This issue is awaiting triage by a maintainer type: feature Introduction of new functionality to the application labels Apr 5, 2024
@jeremystretch jeremystretch removed their assignment Apr 5, 2024
@jeremystretch jeremystretch added status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation and removed status: needs triage This issue is awaiting triage by a maintainer labels Apr 5, 2024
@Julio-Oliveira-Encora (Contributor) commented

Please, could you assign it to me?

@arthanson arthanson removed the status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation label Apr 9, 2024
@arthanson arthanson added the status: accepted This issue has been accepted for implementation label Apr 10, 2024
jeremystretch added a commit that referenced this issue Apr 15, 2024
* Added SECURE_HSTS_SECONDS, SECURE_HSTS_INCLUDE_SUBDOMAINS, and SECURE_HSTS_PRELOAD to settings.py

* Addressed some PR comments.

* Apply suggestions from code review

---------

Co-authored-by: Jeremy Stretch <[email protected]>
JCWasmx86 pushed a commit to JCWasmx86/netbox that referenced this issue Apr 23, 2024
…etBox (netbox-community#15683)

* Added SECURE_HSTS_SECONDS, SECURE_HSTS_INCLUDE_SUBDOMAINS, and SECURE_HSTS_PRELOAD to settings.py

* Addressed some PR comments.

* Apply suggestions from code review

---------

Co-authored-by: Jeremy Stretch <[email protected]>
cimnine added a commit to cimnine/netbox-docker that referenced this issue Apr 23, 2024
infracaninophile added a commit to oxcert/netbox-docker that referenced this issue May 23, 2024
* Update dependency psycopg to v3.1.17

* Add env var for CENSUS_REPORTING_ENABLED

See netbox-community#999

* Add Redis Sentinel config as environment vars

* Update dependency psycopg to v3.1.18

* fix segfault

* docker-entrypoint.sh: clarify default token message

When a default admin API token is found, a warning is displayed. As it is only called "token", some users might not know what token is referred to. Also the message should give a hint or link to a documentation on how to remove it.

* Update Ubuntu and Nginx Unit

* Use ARM64 self-hosted runner

* Update dependency django-auth-ldap to v4.7.0

* Avoid duplicate checks for Renovate PRs

* Fix netbox-community#1127: Added sentry-sdk to requirements

* Update dependency sentry-sdk to v1.44.0

* Removed version line from the yaml file as it is obsolete

* Update dependency sentry-sdk to v1.44.1

* Update dependency django-auth-ldap to v4.8.0

* Update dependency sentry-sdk to v1.45.0

* Prepare for Netbox 4.0

* Cancel workflow runs for in progress PRs

* Update dependency dulwich to v0.22.0

* Update dependency dulwich to v0.22.1

* Adds SECURE_* parameters introduced in 3.7.6

See netbox-community/netbox#15644

* Update github/super-linter action to v6

* Update dependency sentry-sdk to v2

* Disabled new tests

* Update dependency django-storages to v1.14.3

* Fixed regex for social-auth-core replacement

* Update dependency sentry-sdk to v2.1.1

* Preparation for 2.9.0

* Fix netbox-community#1222: Use /login/ as health check URL

* Install Sentry Django integration correctly

* Preparation for 2.9.1

* Github -> GitHub

Trying to assuage textlint

* Temporarily comment out the netbox_dns plugin addition

Looks like this is causing the upstream netbox CI tests to fail.

* Partially revert upstream CI changes

We don't have a self-hosted linux/arm64 platform to use, so reinstate
the use of QEMU.  Yes, it's slow, but slow and working always beats
broken at any speed.

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Tobias Genannt <[email protected]>
Co-authored-by: kindlich <[email protected]>
Co-authored-by: NdFeB <[email protected]>
Co-authored-by: tbotnz <[email protected]>
Co-authored-by: Florian Knodt <[email protected]>
Co-authored-by: Tobias Genannt <[email protected]>
Co-authored-by: Chandan Kumar <[email protected]>
Co-authored-by: Christian Mäder <[email protected]>
Co-authored-by: Christian Mäder <[email protected]>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 15, 2024