Handful of fixes for inbound email handling (!1247) · Merge requests · Platform / Development / swh-web

Nicolas Dandrimont requested to merge mr/inbound-email-fixes into master Feb 28, 2024

inbound_email: extend the list of headers accepted for email destinations (and add test)
inbound_email: restore support for sha1-based signed addresses
settings: ensure that the production secret key does not match the development default
config: add support for SECRET_KEY_FALLBACKS

After the migration to Django 4, the signature algorithm for signed addresses was upgraded to sha256. However, sha1-based addresses still exist in the wild, so we need to keep supporting them.

SECRET_KEY_FALLBACKS, which was introduced in recent Django versions, will allow us to rotate the secret key when needed. Explicit support for this feature is needed in our inbound email handler.

Handful of fixes for inbound email handling

Merge request reports