Staging instance, all changes can be removed at any time

Skip to content

Handful of fixes for inbound email handling

Nicolas Dandrimont requested to merge mr/inbound-email-fixes into master
  • inbound_email: extend the list of headers accepted for email destinations (and add test)
  • inbound_email: restore support for sha1-based signed addresses
  • settings: ensure that the production secret key does not match the development default
  • config: add support for SECRET_KEY_FALLBACKS

After the migration to Django 4, the signature algorithm for signed addresses was upgraded to sha256. However, sha1-based addresses still exist in the wild, so we need to keep supporting them.

SECRET_KEY_FALLBACKS, which was introduced in recent Django versions, will allow us to rotate the secret key when needed. Explicit support for this feature is needed in our inbound email handler.

Merge request reports

Loading