ynerant
/
nk20
mirror of https://gitlab.crans.org/bde/nk20
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'harden' into 'beta' 

Harden Django project configuration

See merge request bde/nk20!194
This commit is contained in:
ynerant 2022-03-09 12:30:23 +01:00
parent 4161248bff df5f9b5f1e
commit d43fbe7ac6
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
note_kfet/settings/base.py
View File

@ -24,6 +24,15 @@ ALLOWED_HOSTS = [
os.getenv('NOTE_URL', 'localhost'), os.getenv('NOTE_URL', 'localhost'),
] ]
# Use secure cookies in production
SESSION_COOKIE_SECURE = not DEBUG
CSRF_COOKIE_SECURE = not DEBUG
# Remember HTTPS for 1 year
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# Application definition # Application definition