Merge branch 'harden' into 'beta'

Harden Django project configuration

See merge request bde/nk20!194
This commit is contained in:
ynerant 2022-03-09 12:30:23 +01:00
commit d43fbe7ac6
1 changed files with 9 additions and 0 deletions

View File

@ -24,6 +24,15 @@ ALLOWED_HOSTS = [
os.getenv('NOTE_URL', 'localhost'), os.getenv('NOTE_URL', 'localhost'),
] ]
# Use secure cookies in production
SESSION_COOKIE_SECURE = not DEBUG
CSRF_COOKIE_SECURE = not DEBUG
# Remember HTTPS for 1 year
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# Application definition # Application definition