There's no reason to make Django's /admin login page available to users in the Production or Staging environments. Staff are already authenticated, and/or can be added via command line by users with server access. No one should need to log in via /admin directly, so we shouldn't even let users try.
Description
Status | Subtype | Assigned | Task
---|---|---|---
Open | | None | T240169 Improve staff workflows
Resolved | | NirmalaSainsara | T245268 Block /admin login page in production & staging
Event Timeline
@NirmalaSainsara You have some feedback in your PR, do you need anything else from us to continue with this?
I still seem to be able to navigate to https://wikipedialibrary.wmflabs.org/admin/login/ and see the login page.
@jsn.sherman suspects this is simply an issue of the nginx config line being at the bottom of the file rather than the top. Testing.
Turns out the issue was an oversight in our deployment pipeline: the change was correctly implemented, but our deployment script doesn't pick up and deploy nginx config changes. They have just been super rare to date.