jeff/umap
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #1323 from umap-project/better-document-secret-key

Browse source 
Better documentation for the SECRET_KEY setting
This commit is contained in:
Yohan Boniface 2023-09-20 08:04:00 +02:00 committed by GitHub
commit d48b272837
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
docs/settings.md
View file

@ -63,6 +63,11 @@ See [Django documentation for MEDIA_ROOT](https://docs.djangoproject.com/en/4.2/
Must be defined to something unique and secret. Must be defined to something unique and secret.
Running uMap / Django with a known SECRET_KEY defeats many of Djangos security protections, and can lead to privilege escalation and remote code execution vulnerabilities.
See [Django documentation for SECRET_KEY](https://docs.djangoproject.com/en/4.2/ref/settings/#secret-key)
#### SITE_URL #### SITE_URL
The final URL of you instance, including the protocol: The final URL of you instance, including the protocol: