Harden Django project configuration

Set session and CSRF cookies as secure for production. Set HSTS header to let browser remember HTTPS for 1 year.
Fix game research
2025-07-04 21:04:04 +02:00 · 2022-03-09 12:30:18 +01:00 · 2021-11-14 16:41:38 +01:00 · 2021-11-14 16:24:38 +01:00 · 2021-11-14 16:16:17 +01:00
4 changed files with 41 additions and 10 deletions
--- a/med/settings.py
+++ b/med/settings.py
@ -26,6 +26,16 @@ SITE_ID = 1

 ALLOWED_HOSTS = ['127.0.0.1']

+# Use secure cookies in production
+SESSION_COOKIE_SECURE = not DEBUG
+CSRF_COOKIE_SECURE = not DEBUG
+
+# Remember HTTPS for 1 year
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+
+
 # Application definition

 INSTALLED_APPS = [
--- a/media/admin.py
+++ b/media/admin.py
@ -142,8 +142,8 @@ class BorrowAdmin(VersionAdmin):

 class GameAdmin(VersionAdmin, PolymorphicChildModelAdmin):
    list_display = ('title', 'owner', 'duration', 'players_min',
-                    'players_max', 'comment')
-    search_fields = ('name', 'owner__username', 'duration', 'comment')
+                    'players_max', 'comment', 'isbn')
+    search_fields = ('isbn', 'title', 'owner__username', 'duration', 'comment')
    autocomplete_fields = ('owner',)
    show_in_index = True

--- a/users/migrations/0046_auto_20211114_1624.py
+++ b/users/migrations/0046_auto_20211114_1624.py
@ -0,0 +1,23 @@
+# Generated by Django 2.2.24 on 2021-11-14 15:24
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('users', '0045_auto_20211114_1423'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='membership',
+            name='date_end',
+            field=models.DateField(verbose_name='start date'),
+        ),
+        migrations.AlterField(
+            model_name='membership',
+            name='date_start',
+            field=models.DateField(verbose_name='start date'),
+        ),
+    ]
--- a/users/models.py
+++ b/users/models.py
@ -59,12 +59,12 @@ class User(AbstractUser):
        data : dict
            Dictionary with user data to update.
        """
-        self.email = data['email']
-        self.first_name = data['first_name']
-        self.last_name = data['last_name']
-        self.phone_number = data['profile']['phone_number']
-        self.address = data['profile']['address']
-        self.comment = data['profile']['section']
+        self.email = data['email'] or ''
+        self.first_name = data['first_name'] or ''
+        self.last_name = data['last_name'] or ''
+        self.phone_number = data['profile']['phone_number'] or ''
+        self.address = data['profile']['address'] or ''
+        self.comment = data['profile']['section'] or ''

        for membership_dict in data['memberships']:
            if membership_dict['club'] != 22:  # Med
@ -88,12 +88,10 @@ class Membership(models.Model):
    )

    date_start = models.DateField(
-        auto_now_add=True,
        verbose_name=_('start date'),
    )

    date_end = models.DateField(
-        auto_now_add=True,
        verbose_name=_('start date'),
    )
Author	SHA1	Message	Date
Alexandre Iooss	48c056b210	Harden Django project configuration Set session and CSRF cookies as secure for production. Set HSTS header to let browser remember HTTPS for 1 year.	2022-03-09 12:30:18 +01:00
Yohann D'ANELLO	cf544dc596	Fix game research	2021-11-14 16:41:38 +01:00
Yohann D'ANELLO	c0521005ef	Don't put current date as default value for memberships	2021-11-14 16:24:38 +01:00
Yohann D'ANELLO	09c61091d5	Put empty strings instead of None as default values	2021-11-14 16:16:17 +01:00