
Harden Django project configuration

Set session and CSRF cookies as secure for production.
Set HSTS header to let browser remember HTTPS for 1 year.
This commit is contained in:
Alexandre Iooss 2022-03-09 12:12:56 +01:00
parent 5f69232560
commit df5f9b5f1e


@ -24,6 +24,15 @@ ALLOWED_HOSTS = [
os.getenv('NOTE_URL', 'localhost'),
]
# Use secure cookies in production
SESSION_COOKIE_SECURE = not DEBUG
CSRF_COOKIE_SECURE = not DEBUG
# Remember HTTPS for 1 year
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# Application definition
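Review bot: The three `SECURE_HSTS_*` lines only produce a header when `SecurityMiddleware` considers the request secure (`request.is_secure()`), so behind a TLS-terminating reverse proxy the setting is silently ineffective unless `SECURE_PROXY_SSL_HEADER` is also configured; neither that setting nor the `MIDDLEWARE` list is visible in this hunk, so this may already be handled elsewhere in the file. If it is not, add next to the HSTS block `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` together with a comment that the proxy must overwrite (not merely forward) that header, otherwise a client can spoof it. Separately, `SECURE_HSTS_INCLUDE_SUBDOMAINS = True` plus `SECURE_HSTS_PRELOAD = True` with a one-year max-age commits every subdomain of the host to HTTPS and, once submitted to the preload list, cannot be quickly rolled back; Django's deployment docs suggest starting from a small value and only then ramping to a year. A short comment above line 23 recording that trade-off, e.g. `# includeSubDomains + preload are effectively permanent; make sure every subdomain serves HTTPS first`, would save the next maintainer a surprise. Note also that `SESSION_COOKIE_SECURE`/`CSRF_COOKIE_SECURE` are keyed on `DEBUG` while the HSTS settings are unconditional; that asymmetry is harmless (the header is not sent over plain HTTP) but worth a one-line comment so it is not "fixed" later.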