
Harden Django project configuration

Set session and CSRF cookies as secure for production.
Set HSTS header to let browser remember HTTPS for 1 year.
Alexandre Iooss 2022-03-09 12:30:18 +01:00
parent cf544dc596
commit 48c056b210


@ -26,6 +26,16 @@ SITE_ID = 1
ALLOWED_HOSTS = ['127.0.0.1'] ALLOWED_HOSTS = ['127.0.0.1']
# Use secure cookies in production
SESSION_COOKIE_SECURE = not DEBUG
CSRF_COOKIE_SECURE = not DEBUG
# Remember HTTPS for 1 year
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# Application definition # Application definition
INSTALLED_APPS = [ INSTALLED_APPS = [
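Review bot: The HSTS block from `SECURE_HSTS_SECONDS = 31536000` through `SECURE_HSTS_PRELOAD = True` commits every subdomain to HTTPS for a year and opts into browser preload lists, which is effectively irreversible once preloaded, yet unlike the cookie flags it is not conditioned on `not DEBUG` and nothing documents that every subdomain has been checked to serve HTTPS. Django's `SecurityMiddleware` only emits `Strict-Transport-Security` on requests it considers secure, so if TLS terminates at a reverse proxy (not visible here) `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` is needed or the header is never sent, and whether `SecurityMiddleware` is present in `MIDDLEWARE` cannot be confirmed from this hunk. I would add a comment above the block such as `# HSTS with includeSubDomains/preload is hard to revert: confirm every subdomain serves HTTPS before deploying, and set SECURE_PROXY_SSL_HEADER if TLS terminates at a proxy`, and consider a short max-age first as Django's deployment checklist recommends before committing to a year.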