Harden Django project configuration
Set the session and CSRF cookies as secure in production. Set the HSTS header so browsers remember HTTPS for 1 year.
This commit is contained in:
parent
5f69232560
commit
df5f9b5f1e
@ -24,6 +24,15 @@ ALLOWED_HOSTS = [
|
||||
os.getenv('NOTE_URL', 'localhost'),
|
||||
]
|
||||
|
||||
# Use secure cookies in production
|
||||
SESSION_COOKIE_SECURE = not DEBUG
|
||||
CSRF_COOKIE_SECURE = not DEBUG
|
||||
|
||||
# Remember HTTPS for 1 year
|
||||
SECURE_HSTS_SECONDS = 31536000
|
||||
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
|
||||
SECURE_HSTS_PRELOAD = True
|
||||
|
||||
|
||||
# Application definition
|
||||
|
||||
|
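Review bot: The three HSTS settings at the end of the added block, in particular `SECURE_HSTS_INCLUDE_SUBDOMAINS = True` and `SECURE_HSTS_PRELOAD = True`, commit the deployed host and every subdomain to HTTPS for a year, and once the host has been submitted to the browser preload list this cannot be rolled back quickly; nothing in the hunk or the commit message says that all subdomains already serve TLS, so this is worth a comment at least. These settings are only acted on by `django.middleware.security.SecurityMiddleware`, and Django only emits the header on requests it considers secure, so behind a TLS-terminating reverse proxy `SECURE_PROXY_SSL_HEADER` also has to be configured; neither the middleware list nor that setting is visible here. I would put above `SECURE_HSTS_SECONDS = 31536000`: `# Only sent by SecurityMiddleware on requests that are secure (see SECURE_PROXY_SSL_HEADER); includeSubDomains + preload is hard to undo once submitted to the preload list.` The cookie flags earlier in the hunk look right; `SESSION_COOKIE_HTTPONLY` already defaults to True and `CSRF_COOKIE_HTTPONLY` is left at its default so the CSRF token stays readable by page scripts.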