Re: [Django] #35900: staticfiles: Make staticfiles.json location unguessable for security (by obscurity!)

Django

Nov 11, 2024, 9:16:54 AM
to django-...@googlegroups.com
#35900: staticfiles: Make staticfiles.json location unguessable for security (by
obscurity!)
-------------------------------------+-------------------------------------
Reporter: Sebastian Pipping | Owner: (none)
Type: New feature | Status: closed
Component: contrib.staticfiles | Version: dev
Severity: Normal | Resolution: wontfix
Keywords: staticfiles security hardening | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):

* resolution: => wontfix
* status: new => closed
* type: Uncategorized => New feature

Comment:

Hello Sebastian, thank you for taking the time to create this report.

Given this report requests a new feature for Django, the recommended path
forward is to first propose and discuss the idea with the community and
gain consensus. To do that, please consider starting a new conversation on
the [https://forum.djangoproject.com/c/internals/5 Django Forum], where
you'll reach a broader audience and receive additional feedback. This
consensus would require agreement on the implementation details for this
change since, besides the comments from Florian in the
[https://github.com/django/django/pull/18778 PR], I think this would
require some form of a deprecation path where the current
`staticfiles.json` is still available, or perhaps a way to declare the
`manifest_name` in the `STORAGES` definition to allow for the current
behavior...

I'll close the ticket for now, but if the community agrees with the
proposal, please return to this ticket and reference the forum discussion
so we can re-open it. For more information, please refer to
[https://docs.djangoproject.com/en/stable/internals/contributing/bugs-and-features/#requesting-features
the documented guidelines for requesting features].
--
Ticket URL: <https://code.djangoproject.com/ticket/35900#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.