diff options
| -rw-r--r-- | core/views_other.py | 8 | ||||
| -rw-r--r-- | security-warnings.txt | 4 | ||||
| -rw-r--r-- | templates/404.html | 23 | ||||
| -rw-r--r-- | templates/pathsreport.html | 2 |
4 files changed, 36 insertions, 1 deletions
diff --git a/core/views_other.py b/core/views_other.py index cc8fe3a..0944d55 100644 --- a/core/views_other.py +++ b/core/views_other.py @@ -23,6 +23,14 @@ Also has code to download a logbook in a choice of formats (why?!) and to download all QMs (not working) """ +def troggle404(request): # cannot get this to work. Handler404 in urls.py not right syntax + '''Custom 404 page to be used even when Debug=True + https://blog.juanwolf.fr/posts/programming/how-to-create-404-page-django/ + ''' + context = RequestContext(request) + #context['caves'] = Cave.objects.all() + return render_to_response('404.html', context.flatten()) + def showrequest(request): return HttpResponse(request.GET) diff --git a/security-warnings.txt b/security-warnings.txt index 775e519..ee3c723 100644 --- a/security-warnings.txt +++ b/security-warnings.txt @@ -2,9 +2,13 @@ System check identified some issues: WARNINGS: ?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems. + ?: (security.W008) Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS. + ?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. + ?: (security.W018) You should not have DEBUG set to True in deployment. + ?: (security.W019) You have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE_CLASSES, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'. System check identified 5 issues (0 silenced). diff --git a/templates/404.html b/templates/404.html new file mode 100644 index 0000000..36246de --- /dev/null +++ b/templates/404.html @@ -0,0 +1,23 @@ +{% extends "base.html" %} +{% load wiki_markup %} +{% load link %} + +{% block title %}List of survex files{% endblock %} + +{% block content %} + +<h1>404 - Page not found </h1> + +<h3>Kataster number not found :{{cave}}</h3> +<p>More helpful information will appear here when someone programs it.</p> +<p> +Custom 404 page template/404.html is only activated when DEBUG=False in Django settings. +So this is of very limited usefulness to us as we do not do that with troggle, even in production. +Instead we do not raise the http404 exception in our code, we call our own error-handling display page. +We have not yet done this with all our code though.. +<p> + + +<p><em>This page created 25 March 2021</em></p> +{% endblock %} + diff --git a/templates/pathsreport.html b/templates/pathsreport.html index 8ce93be..f22f1ef 100644 --- a/templates/pathsreport.html +++ b/templates/pathsreport.html @@ -30,7 +30,7 @@ <p> <table style="font-family: Consolas, Lucida Console, monospace;"> -<tr><th>Path</th><th>Code</th><th>Type</th></tr> +<tr><th>Code</th><th>Path</th><th>Type</th></tr> {% for c,p,t in bypathslist %} <tr> <td> |