mirror of https://gitlab.crans.org/bde/nk20
Merge branch 'harden' into 'beta'
Harden Django project configuration See merge request bde/nk20!194
This commit is contained in:
commit
d43fbe7ac6
|
@ -24,6 +24,15 @@ ALLOWED_HOSTS = [
|
|||
os.getenv('NOTE_URL', 'localhost'),
|
||||
]
|
||||
|
||||
# Use secure cookies in production
|
||||
SESSION_COOKIE_SECURE = not DEBUG
|
||||
CSRF_COOKIE_SECURE = not DEBUG
|
||||
|
||||
# Remember HTTPS for 1 year
|
||||
SECURE_HSTS_SECONDS = 31536000
|
||||
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
|
||||
SECURE_HSTS_PRELOAD = True
|
||||
|
||||
|
||||
# Application definition
|
||||
|
||||
|
|
Loading…
Reference in New Issue