diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index 1e24b28f..aa7475f6 100644
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -8,6 +8,7 @@ function install_sahara_dashboard {
 function configure_sahara_dashboard {
 cp -a ${SAHARA_DASH_DIR}/sahara_dashboard/enabled/* ${DEST}/horizon/openstack_dashboard/local/enabled/
+ cp -a ${SAHARA_DASH_DIR}/sahara_dashboard/local_settings.d/* ${DEST}/horizon/openstack_dashboard/local/local_settings.d/
 # NOTE: If locale directory does not exist, compilemessages will fail,
 # so check for an existence of locale directory is required.
 if [ -d ${SAHARA_DASH_DIR}/sahara_dashboard/locale ]; then
diff --git a/releasenotes/notes/django_data_upload_max_number-3fe39c838c275587.yaml b/releasenotes/notes/django_data_upload_max_number-3fe39c838c275587.yaml
new file mode 100644
index 00000000..d361f0f2
--- /dev/null
+++ b/releasenotes/notes/django_data_upload_max_number-3fe39c838c275587.yaml
@@ -0,0 +1,7 @@
+---
+security:
+ - |
+ Django 1.10 introduced a new var : DATA_UPLOAD_MAX_NUMBER_FIELDS which
+ prevent DOS on data received via GET and POST methods. Default values
+ is set to 2000 instead of upstream default of 1000 to keep the security
+ feature and to not cause issue with the Sahara Dashboard forms.
diff --git a/sahara_dashboard/local_settings.d/_12_toggle_data_upload_max_number_fields.py b/sahara_dashboard/local_settings.d/_12_toggle_data_upload_max_number_fields.py
new file mode 100644
index 00000000..5778a42b
--- /dev/null
+++ b/sahara_dashboard/local_settings.d/_12_toggle_data_upload_max_number_fields.py
@@ -0,0 +1,2 @@
+# toggle DATA_UPLOAD_MAX_NUMBER_FIELDS
+DATA_UPLOAD_MAX_NUMBER_FIELDS = 2000
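Review bot: The added `cp -a` in configure_sahara_dashboard expands `${SAHARA_DASH_DIR}` and `${DEST}` unquoted and copies everything matched by `local_settings.d/*`, not only settings snippets. The destination appears to be a directory whose Python files Horizon loads as settings (the file added by this commit is one), so any stray file in the source directory would be installed there too. I would quote the expansions and narrow the glob, e.g. `cp -a "${SAHARA_DASH_DIR}"/sahara_dashboard/local_settings.d/*.py "${DEST}"/horizon/openstack_dashboard/local/local_settings.d/`. The existing `enabled/` copy on the line above has the same unquoted pattern, and the function body continues outside the hunk.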
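Review bot: The comment `# toggle DATA_UPLOAD_MAX_NUMBER_FIELDS` is misleading, because the line does not toggle anything: it doubles Django's per-request field limit from the upstream default of 1000 (per the release note) to 2000. Since the file is copied into Horizon's local_settings.d, the higher limit presumably applies to every dashboard panel rather than only the Sahara forms, which is worth stating for operators who tune this DoS guard. I would replace the comment with something like `# Raise Django's request field limit (default 1000) to 2000 so large Sahara forms can be submitted; keep it finite, it bounds request-parsing cost.` and note that the value must never be set to `None`, which disables the check.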