forked from mozmeao/birdbox
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.env-example
41 lines (31 loc) · 1.64 KB
/
.env-example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
DEBUG=False
USE_SECURE_PROXY_HEADER=False
RATELIMIT_ENABLE=False
EMAIL_BACKEND="django.core.mail.backends.console.EmailBackend"
# If you want to use Google Cloud Storage locally, you'll need to set these
# variables. See https://django-storages.readthedocs.io/en/latest/backends/gcloud.html
GS_BUCKET_NAME="gcs-bucket-name-here"
GS_PROJECT_ID="gcp-project-name-here"
GOOGLE_APPLICATION_CREDENTIALS="./local-credentials/add-your-service-account-credentials-here.json"
# SSO / OIDC configuration
USE_SSO_AUTH=False # By default for local running, go with username+password auth, not SSO
# If USE_SSO_AUTH is True, you'll be using Mozilla OpenID Connect via Auth0
# Get from IAM creentials from an appropriate person within the org to set here
# in your .env
OIDC_RP_CLIENT_ID=setme
OIDC_RP_CLIENT_SECRET=setme
# If you want to test CSP, set this to True
CSP_ENABLED=False
CSP_REPORT_ONLY=False
CSP_CONNECT_SRC="'self' https://region1.google-analytics.com https://basket.mozilla.org"
CSP_FRAME_SRC="'self' www.youtube-nocookie.com www.youtube.com player.vimeo.com"
CSP_IMG_SRC="'self' data: https://storage.googleapis.com/future-nonprod-dev-storage/ https://region1.google-analytics.com"
CSP_SCRIPT_SRC="'self' www.googletagmanager.com"
# If you want a fake Sentry to catch Sentry errors and CSP violations, you can use Kent
# Install it with `pipx install kent`
# or get the latest via `pipx install https://github.com/willkg/kent/archive/refs/heads/main.zip --force`
# Then run it with:
# kent-server run -p 8015
SENTRY_DSN=http://[email protected]:8015/1
CSP_REPORTING_ENDPOINT = http://[email protected]:8015/api/1/security/
# Also see base.py for other CSP settings