mirror of
https://gitlab.crans.org/mediatek/med.git
synced 2024-11-30 00:13:03 +00:00
Harden Django project configuration
Set session and CSRF cookies as secure for production. Set HSTS header to let browser remember HTTPS for 1 year.
This commit is contained in:
parent
cf544dc596
commit
48c056b210
@ -26,6 +26,16 @@ SITE_ID = 1
|
|||||||
|
|
||||||
ALLOWED_HOSTS = ['127.0.0.1']
|
ALLOWED_HOSTS = ['127.0.0.1']
|
||||||
|
|
||||||
|
# Use secure cookies in production
|
||||||
|
SESSION_COOKIE_SECURE = not DEBUG
|
||||||
|
CSRF_COOKIE_SECURE = not DEBUG
|
||||||
|
|
||||||
|
# Remember HTTPS for 1 year
|
||||||
|
SECURE_HSTS_SECONDS = 31536000
|
||||||
|
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
|
||||||
|
SECURE_HSTS_PRELOAD = True
|
||||||
|
|
||||||
|
|
||||||
# Application definition
|
# Application definition
|
||||||
|
|
||||||
INSTALLED_APPS = [
|
INSTALLED_APPS = [
|
||||||
|
Loading…
Reference in New Issue
Block a user