Recent Posts (Page 14)

Django Security Headers Hall of Fame

It’s been a year since I published How to Score A+ for Security Headers on Your Django Website, the blog post for my DjangoCon Europe 2019 talk. It’s seen some updates as both Django and web security have evolved, for example Feature-Policy is now required for an A+, and Django 3.0 includes built-in support for Referrer-Policy.

Read more...

Maintaining Multiple Python Projects With myrepos

I maintain several open source Python projects, each in its own GitHub repository. I like to keep them all up to date according to a kind of template - similarity increases maintainability.

Read more...

How to Combine Two Python Decorators

Imagine you have some Django views using the same two decorators:

Read more...

Using Django Check Constraints to Ensure Only One Field Is Set

I previously covered using Django’s CheckConstraint class to validate fields with choices and percentage fields that total 100%. Here’s another use case.

Read more...

Setting Python’s Decimal Context for All Threads

Python’s decimal module has a concept of a “context”. This defines the default precision of new Decimals, how rounding works, and lots of other behaviour. Maths gets complicated!

Read more...

CloudFront Updates Are No Longer Soul Destroying

I’ve mentioned CloudFront’s speed, or lack thereof, several times in my past posts.

Read more...

Use Pathlib in Your Django Settings File

Django’s default settings file has always included a BASE_DIR pseudo-setting. I call it a “pseudo-setting” since it’s not read by Django itself. But it’s useful for configuring path-based settings, it is mentioned in the documentation, and some third party packages use it.

Read more...

Using Django Check Constraints for the Sum of Percentage Fields

I previously covered using Django’s CheckConstraint class to ensure a field with choices is constrained to only valid values. Here’s another use case, based on an application I worked on. It uses a check constraint to ensure a set of fields, representing percentages, always sum up to 100.

Read more...

Detect if Your Tests Are Running on a CI System

If you have some slow tests in your suite, you might want to run them only on CI. To do this, you can detect in your test runner if you’re running on a CI system.

Read more...

SQL’s Implicit Type Conversion

At yesterday’s DJUGL meetup I heard a talk from Esau Rodríguez about a buggy new system deployment he survived. His team were deploying a new version of a system that changed the way it connected to its MySQL database, while simultaneously moving session keys from integers to UUIDs. When they discovered the database connection change was flaky, they rolled back to the previous version. This quickly led to a user reporting being able to see another’s data!

Read more...

How to Make Django Redirect WWW to Your Bare Domain

If you’re hosting a website on a top level domain, you should set up both the bare domain (example.com) and the “www” subdomain (www.example.com). People expect to be able to type either version and see your site - no matter which version you advertise.

Read more...

Use ‘python -m pip’ Everywhere

I’ve just moved all my open source repositories from using plain pip to python -m pip, in test scripts and documentation.

Read more...

Django: disallow auto-named Django migrations

When you run Django’s manage.py makemigrations, it will try to generate a name for the migration based upon its contents. For example, if you are adding a single field, it will call the migration 0002_mymodel_myfield.py. However when your migration contains more than one step, it instead uses a simple ‘auto’ name with the current date + time, e.g. 0002_auto_20200113_1837.py. You can provide the -n/--name argument to makemigrations, but developers often forget this.

Read more...

Django: safely include data for JavaScript in templates

Django templates are often used to pass data to JavaScript code. Unfortunately, if implemented incorrectly, this opens up the possibility of HTML injection, and thus XSS (Cross-Site Scripting) attacks.

Read more...

Converting my CloudFront Lambda@Edge Function from JavaScript to Python

I previously blogged about how I configured my CloudFront hosted website to score A+ on securityheaders.com. I worked around CloudFront’s lack of an “add headers” feature by adding a Lambda@Edge function in JavaScript.

Read more...

How to add a robots.txt to your Django site

robots.txt is a standard file to communicate to “robot” crawlers, such as Google’s Googlebot, which pages they should not crawl. You serve it on your site at the root URL /robots.txt, for example https://example.com/robots.txt.

Read more...

Entering a Flaky Context Manager in Python

Here’s a little Python problem I encountered recently.

Read more...

How to use PyMySQL with Django

Django provides MySQL and MariaDB support out of the box. It supports the mysqlclient library as its DB API driver to connect.

Read more...

Common Issues Using Celery (And Other Task Queues)

Here are some issues I’ve seen crop up several times in Django projects using Celery. They probably apply with other task queues, I simply haven’t used them so much.

Read more...

Scoring A+ for SSL Labs on My Cloudfront-Hosted Static Website

I previously covered how I scored A+ for security headers on my site, which uses AWS CloudFront. I didn’t touch on scoring A+ for your TLS configuration though.

Read more...

Git: compare generated files before and after changes with git diff

Once in a while, I have to make a change to many or all of my blog posts. For example, implementing opengraph meta tags.

Read more...

Moving to Django 3.0’s Field.choices Enumeration Types

One of the headline features of Django 3.0 is its Enumerations for model field choices. They’re a nicer way of defining and constraining model Field.choices.

Read more...

Django’s Field Choices Don’t Constrain Your Data

This post is a PSA on the somewhat unintuitive way Field.choices works in Django.

Read more...

Python: fix SyntaxWarning: "is" with a literal

Take this reasonable-looking code:

Read more...

Django Quiz 4

On Wednesday evening last week I held a quiz at the January London Django Meetup Group. This was the fourth quiz, which has become an annual Christmas tradition at the meetup. Unfortunately it was a month late this year due to venue changes, so I’ve titled this post “Django Quiz 4”.

Read more...