Insecure production defaults in Django settings #367
…settings.py and updated README.md
|
@Mayur-Shashidhar is attempting to deploy a commit to the kaif ansari 's projects Team on Vercel. A member of the Team first needs to authorize it. |
❌ Deploy Preview for gamehub-99999 failed.
|
|
@kaifansariw Please review the PR and assign the labels so that I can gain the necessary points |
Pull request overview
This PR addresses issue #362 by moving Django security-sensitive settings toward environment-driven configuration and safer production defaults.
Changes:
- Loads SECRET_KEY, DEBUG, and ALLOWED_HOSTS from environment variables.
- Adds production fail-fast checks for missing required settings.
- Updates README and backend environment template for the new configuration flow.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| README.md | Documents backend environment variables and production requirements. |
| backend/gamehub_project/settings.py | Adds environment parsing and production guards for Django settings. |
| backend/.env.example | Updates the backend environment template with ALLOWED_HOSTS. |
|
@kaifansariw Please give some updates on this PR |
|
@kaifansariw Are you gonna merge the PR or shall I close it and move on |
|
@kaifansariw Your repo was the first one I picked and I didn't know I would have to wait so much for a reply also |
|
@Mayur-Shashidhar don't worry, I will do that. I was currently solving the backend error, especially the Google OAuth, which is not currently solved. But I will accept the frontend related issue. |
|
@kaifansariw I get it, you guys are also busy, but give us an update na |
|
@kaifansariw Please also assign labels like gssoc:approved and stuff before merging and then merge pls |
There are basically two issues I am facing right now
So I will request you to wait just one day. I will talk to GSSoC and do these two things. |
|
I do have the labels list, if you want I can send it
Yeah sure, if you have the label list and like a template for how to set up the project, please send it to me, it will be helpful for you and me as well
|

📄 Description
This PR hardens the Django backend configuration by removing insecure production defaults and moving security-sensitive settings to environment-driven values.
It updates settings.py so that:
- SECRET_KEY is loaded from environment variables
- DEBUG defaults to False
- ALLOWED_HOSTS is no longer hardcoded to *

It also updates the documentation and environment templates so local development remains simple while production stays safe by default.
🔗 Related Issues
Fixes #362
💬 Additional Notes (Optional)
Validation completed locally:
- python manage.py check passes in development mode
- SECRET_KEY or ALLOWED_HOSTS are missing
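
The pattern the description and the review overview summarize (environment-driven SECRET_KEY, DEBUG and ALLOWED_HOSTS with a production fail-fast check), as an added example that is not the code from this PR. The helper names, the `ConfigError` class, the development fallback values and the rejection of `*` in production are assumptions made for illustration.

```python
import os


class ConfigError(RuntimeError):
    """Stand-in for django.core.exceptions.ImproperlyConfigured (assumption)."""


_TRUE = {"1", "true", "yes", "on"}
DEV_SECRET_KEY = "dev-only-insecure-key"  # constructed placeholder value


def env_bool(env, name, default=False):
    """Parse a boolean; anything unrecognised is False, so a typo cannot enable DEBUG."""
    raw = env.get(name)
    if raw is None or not raw.strip():
        return default
    return raw.strip().lower() in _TRUE


def env_list(env, name):
    """Split a comma-separated variable, dropping blanks and surrounding spaces."""
    return [item.strip() for item in env.get(name, "").split(",") if item.strip()]


def load_security_settings(env=os.environ):
    """Return the three settings, raising ConfigError for an unsafe production config."""
    debug = env_bool(env, "DEBUG", default=False)
    secret_key = env.get("SECRET_KEY", "").strip()
    allowed_hosts = env_list(env, "ALLOWED_HOSTS")

    if debug:
        # Development only: fall back to throwaway values so local setup stays simple.
        secret_key = secret_key or DEV_SECRET_KEY
        allowed_hosts = allowed_hosts or ["localhost", "127.0.0.1"]
    else:
        missing = []
        if not secret_key or secret_key == DEV_SECRET_KEY:
            missing.append("SECRET_KEY")
        if not allowed_hosts:
            missing.append("ALLOWED_HOSTS")
        if missing:
            raise ConfigError("missing required settings: " + ", ".join(missing))
        if "*" in allowed_hosts:
            raise ConfigError("ALLOWED_HOSTS must not contain '*' when DEBUG is off")

    return {"SECRET_KEY": secret_key, "DEBUG": debug, "ALLOWED_HOSTS": allowed_hosts}
```

In a real `settings.py` the returned values would be assigned to the module-level `SECRET_KEY`, `DEBUG` and `ALLOWED_HOSTS` names, so a bad production environment stops the process at import time.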