#django

hi there

is django-auth-ldap a convenient and flexible way to handle users or should I try and write my own ldap_auth system ?

disgrntld: adding the headers to the response object is fine

that's the same thing a middleware would do

is this bad? "GET /static/bower_components/bootstrap/dist/js/bootstrap.min.js HTTP/1.1" 304 0

HTTP 304

i hvae this test: https://dpaste.de/iA7E

self.assertTrue(post.title in response.content) AssertionError: False is not true

base.html https://dpaste.de/QVz6

pmachine: I still get a "No 'Access-Control-Allow-Origin' header is present on the requested resource" on the client, even though I've check the response in dev console and I see the appropriate header. I have some weird feeling it's something to do with preflight OPTION request or something that middleware eats up, any ideas?

disgrntld: if a preflight options request is being sent, you'll need to add additional Access-Control-* headers

disgrntld: at minimum, Access-Control-Allow-Methods

I would verify you have all the correct headers you need

disgrntld: this may help: https://developer.mozilla.org/en-US/docs/Web/HT...

One question.. te recommended way to create a user profile is via onetoone relationship or inheriting from AbstractBaseUser ?

I tried 'GET,POST,PUT,DELETE,OPTIONS', but I'll look over that link

?

I want certain HTML features/links to only render in the template based on logic. (ie, Admin's get a link, non-Admins don't). Is that done by the template

or do I do the rendering out of the template, and then send the HTML to the template

toothe: It can be.

lindii_: if your happy with the default user object, then a one-to-one relation is usually easier to set up

what's the preferred way? It seems that its bad to put logic in a template aside from a for loop.

{% if request.user.is_admin %} ... {% endif %}

oh....okay, that works! :-)

pmachine: thanks

toothe: it's in the docs :P

FunkyBob: You know my thoughts on the docs :-)

but no, i've seen that before, I wasn't htinking.

toothe: your thoughts on the docs? that they're too big?

Hmm. I've been using DuckDuckGo, and it seems to put other copies of the django documentation above the official site sometimes. That's not totally awesome.

my app is passing all tests. but is not showing the base bootstrap/html5 template

i get a weird message: onsider using 'dppx' units, as in CSS 'dpi' means dots-per-CSS-inch, not dots-per-physical-inch, so does not correspond to the actual 'dpi' of a screen. In media query expression: print, not all, (-webkit-min-device-pixel-ratio: 1.25), (min-resolution: 120dpi)

(broadening my search made it hit the docs first)

this is my base.html https://dpaste.de/vjc1 below the code is my project directory structure

any thoughtts why is not showing the default bootstrap template?

d0ngz: where is the "default bootstrap template"?

good question, is exactly what i am looking at

lol, sorry

havent slept in 2 days, i will die in 4 hours

noted

I'm in the process of rolling out my first app for actual, realworld, online, usage (eek). I'm trying to tighten down security on my webserver as much as humanely possible. Running gunicorn/nginx. Thoughts?

Has anyone used naxsi for instance, and it is any good?

okimoyo: minimal attack surface. minimal permissions

don't any service you don't neet.

don't let a task/process/user have access to anything it doesn't need

FunkyBob: I have a firewall which only passes through ports 22, 80, and 443... I don't think I'm running anything non-essential on my out of the box ubuntu server installation

FunkyBob: As mentioned, nginx for reverse proxy. Mostly I'm just unsure what threats to worry about...