fix(static-files): fix issue with static files on local and production deployments

Author: anmarkoulis

app.json

@@ -3,7 +3,8 @@
     "environments": {
         "review": {
             "addons": [
-                "heroku-postgresql:hobby-basic"
+                "heroku-postgresql:hobby-basic",
+                "heroku-redis:hobby-basic"
             ]
         }
     }

compose/local/django/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.8-slim-buster
+FROM python:3.8.10-slim-buster
 
 ENV PYTHONUNBUFFERED 1
 ENV PYTHONDONTWRITEBYTECODE 1

config/settings/base.py

@@ -117,6 +117,7 @@
     "django.middleware.security.SecurityMiddleware",
     "corsheaders.middleware.CorsMiddleware",
     "csp.middleware.CSPMiddleware",
+    "whitenoise.middleware.WhiteNoiseMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",
     "django.middleware.locale.LocaleMiddleware",
     "django.middleware.common.CommonMiddleware",
@@ -127,6 +128,25 @@
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
 ]
 
+# CSP MIDDLEWARE CONFIGURATION
+# ------------------------------------------------------------------------------
+CSP_SCRIPT_SRC = [
+    "'self'",
+    "https://stackpath.bootstrapcdn.com",
+    "https://cdn.jsdelivr.net",
+    "https://code.jquery.com",
+    "https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js",
+    "https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv.min.js"
+]
+CSP_STYLE_SRC = [
+    "'self'",
+    "https://stackpath.bootstrapcdn.com"
+]
+CSP_IMG_SRC = [
+    "'self'",
+]
+
+
 # STATIC
 # ------------------------------------------------------------------------------
 # https://docs.djangoproject.com/en/dev/ref/settings/#static-root
@@ -154,18 +174,11 @@
 TEMPLATES = [
     {
         # https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-TEMPLATES-BACKEND
-        "BACKEND": "django.template.backends.django.DjangoTemplates",
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
         # https://docs.djangoproject.com/en/dev/ref/settings/#template-dirs
-        "DIRS": [str(APPS_DIR / "templates")],
-        "OPTIONS": {
-            # https://docs.djangoproject.com/en/dev/ref/settings/#template-loaders
-            # https://docs.djangoproject.com/en/dev/ref/templates/api/#loader-types
-            "loaders": [
-                "django.template.loaders.filesystem.Loader",
-                "django.template.loaders.app_directories.Loader",
-            ],
-            # https://docs.djangoproject.com/en/dev/ref/settings/#template-context-processors
-            "context_processors": [
+        'DIRS': [(str(APPS_DIR / "templates"))],
+        'OPTIONS': {
+            'context_processors': [
                 "django.template.context_processors.debug",
                 "django.template.context_processors.request",
                 "django.contrib.auth.context_processors.auth",
@@ -175,22 +188,18 @@
                 "django.template.context_processors.tz",
                 "django.contrib.messages.context_processors.messages",
                 "tmh_registry.utils.context_processors.settings_context",
+                'csp.context_processors.nonce'
+            ],
+            # https://docs.djangoproject.com/en/dev/ref/settings/#template-loaders
+            # https://docs.djangoproject.com/en/dev/ref/templates/api/#loader-types
+            'loaders': [
+                'django.template.loaders.filesystem.Loader',
+                'django.template.loaders.app_directories.Loader'
             ],
         },
-    }
+    },
 ]
 
-# https://docs.djangoproject.com/en/dev/ref/settings/#form-renderer
-FORM_RENDERER = "django.forms.renderers.TemplatesSetting"
-
-# http://django-crispy-forms.readthedocs.io/en/latest/install.html#template-packs
-CRISPY_TEMPLATE_PACK = "bootstrap4"
-
-# FIXTURES
-# ------------------------------------------------------------------------------
-# https://docs.djangoproject.com/en/dev/ref/settings/#fixture-dirs
-FIXTURE_DIRS = (str(APPS_DIR / "fixtures"),)
-
 # SECURITY
 # ------------------------------------------------------------------------------
 # https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-httponly

config/settings/production.py

@@ -55,39 +55,6 @@
     "DJANGO_SECURE_CONTENT_TYPE_NOSNIFF", default=True
 )
 
-# # STORAGES
-# # ------------------------------------------------------------------------------
-# # https://django-storages.readthedocs.io/en/latest/#installation
-# INSTALLED_APPS += ["storages"]  # noqa F405
-# # https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html#settings
-# AWS_ACCESS_KEY_ID = env("AWS_ACCESS_KEY_ID")
-# # https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html#settings
-# AWS_SECRET_ACCESS_KEY = env("AWS_SECRET_ACCESS_KEY")
-# # https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html#settings
-# AWS_STORAGE_BUCKET_NAME = env("AWS_STORAGE_BUCKET_NAME")
-# # https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html#settings
-# AWS_QUERYSTRING_AUTH = False
-# # DO NOT change these unless you know what you're doing.
-# _AWS_EXPIRY = 60 * 60 * 24 * 7
-# # https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html#settings
-# AWS_S3_OBJECT_PARAMETERS = {
-#     "CacheControl": f"max-age={_AWS_EXPIRY}, s-maxage={_AWS_EXPIRY}, must-revalidate"
-# }
-# # https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html#settings
-# AWS_S3_REGION_NAME = env("AWS_DEFAULT_REGION", default=None)
-# # https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html#cloudfront
-# AWS_S3_CUSTOM_DOMAIN = env("AWS_S3_CUSTOM_DOMAIN", default=None)
-# aws_s3_domain = AWS_S3_CUSTOM_DOMAIN or f"{AWS_STORAGE_BUCKET_NAME}.s3.amazonaws.com"
-# # STATIC
-# # ------------------------
-# STATICFILES_STORAGE = "tmh_registry.utils.storages.StaticRootS3Boto3Storage"
-# COLLECTFAST_STRATEGY = "collectfast.strategies.boto3.Boto3Strategy"
-# STATIC_URL = f"https://{aws_s3_domain}/static/"
-# # MEDIA
-# # ------------------------------------------------------------------------------
-# DEFAULT_FILE_STORAGE = "tmh_registry.utils.storages.MediaRootS3Boto3Storage"
-# MEDIA_URL = f"https://{aws_s3_domain}/media/"
-
 # TEMPLATES
 # ------------------------------------------------------------------------------
 # https://docs.djangoproject.com/en/dev/ref/settings/#templates
@@ -119,20 +86,15 @@
 # Django Admin URL regex.
 ADMIN_URL = env("DJANGO_ADMIN_URL")
 
-# Anymail
+# EMAIL
 # ------------------------------------------------------------------------------
-# https://anymail.readthedocs.io/en/stable/installation/#installing-anymail
-INSTALLED_APPS += ["anymail"]  # noqa F405
 # https://docs.djangoproject.com/en/dev/ref/settings/#email-backend
-# https://anymail.readthedocs.io/en/stable/installation/#anymail-settings-reference
-# https://anymail.readthedocs.io/en/stable/esps/amazon_ses/
-EMAIL_BACKEND = "anymail.backends.amazon_ses.EmailBackend"
-ANYMAIL = {}
-
-# Collectfast
-# ------------------------------------------------------------------------------
-# https://github.com/antonagestam/collectfast#installation
-INSTALLED_APPS = ["collectfast"] + INSTALLED_APPS  # noqa F405
+EMAIL_BACKEND = env(
+    "DJANGO_EMAIL_BACKEND",
+    default="django.core.mail.backends.smtp.EmailBackend"
+)
+# https://docs.djangoproject.com/en/dev/ref/settings/#email-timeout
+EMAIL_TIMEOUT = 5
 
 # LOGGING
 # ------------------------------------------------------------------------------
@@ -212,4 +174,4 @@
 
 # Datadog
 # ------------------------------------------------------------------------------
-INSTALLED_APPS += ["ddtrace.contrib.django"]
+INSTALLED_APPS += ["ddtrace.contrib.django"]  # noqa F405

requirements/base.txt

@@ -17,6 +17,8 @@ django-redis==4.12.1  # https://github.com/jazzband/django-redis
 django-timezone-field==4.0  # https://github.com/mfogel/django-timezone-field/
 django-cors-headers==3.5.0 # https://github.com/adamchainz/django-cors-headers
 django-csp==3.7  # https://github.com/mozilla/django-csp
+whitenoise==5.2.0 # https://github.com/evansd/whitenoise
+
 # Django REST Framework
 djangorestframework==3.12.2  # https://github.com/encode/django-rest-framework
 drf-yasg==1.20.0 # https://github.com/axnsan12/drf-yasg

runtime.txt

@@ -1 +1 @@
-python-3.8.7
+python-3.8.10