Add pythonanywhere to ALLOWED_HOSTS, CSRF_TRUSTED_ORIGINS #136
Conversation
| from dotenv import load_dotenv | ||
| env_path = load_dotenv(os.path.join(BASE_DIR, '.env')) | ||
| load_dotenv(env_path) | ||
|
|
||
| # Quick-start development settings - unsuitable for production | ||
| # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/ | ||
|
|
||
| # SECURITY WARNING: keep the secret key used in production secret! | ||
| # SECRET_KEY = 'django-insecure-&psk#na5l=p3q8_a+-$4w1f^lt3lx1c@d*p4x$ymm_rn7pwb87' |
There was a problem hiding this comment.
It would be nice to get this out of the locallibrary/settings.py file if we're adding dotenv support to make beginners aware that credentials should never be exposed like this even if it's for demos.
There was a problem hiding this comment.
This is what comes in the Django skeleton application that is built when you start and the key needs to be present. In the instructions we explain you comment this. So it is useful to show what the user needs to remove/comment out in that application "by comparison".
I find this useful as a "by comparison" - here's what you had, and here's what you now have.
It also helps me when updating the docs for the new version of Django because I compare and this is a match-ish point.
So yes, but I'm still not going to do it for what I think are better reasons than removing it.
|
Thanks very much for the review @bsmth |
As part of allow this tutorial to run on PythonAnywhere this adds it to allowed hosts.
Also, I have added support for getting environment from a .env file in root, if it exists. This is a fallback - env variable first, then env defined in .env, then defaults.
This allows it to work on my kinds of environments.