mirror of
https://github.com/cookiecutter/cookiecutter-django.git
synced 2024-11-23 01:57:03 +03:00
Include secure defaults for django security middleware
parent
0efd49203b
commit
0fa5261f4a
|
@ -78,9 +78,12 @@ SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
|
|||
SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
|
||||
'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
|
||||
SECURE_BROWSER_XSS_FILTER = True
|
||||
SESSION_COOKIE_SECURE = False
|
||||
SESSION_COOKIE_SECURE = True
|
||||
SESSION_COOKIE_HTTPONLY = True
|
||||
SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
|
||||
CSRF_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_HTTPONLY = True
|
||||
X_FRAME_OPTIONS = 'DENY'
|
||||
|
||||
# SITE CONFIGURATION
|
||||
# ------------------------------------------------------------------------------
|
||||
|
|
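Review bot: `CSRF_COOKIE_HTTPONLY = True` near the end of this settings hunk has an undocumented functional side effect: with it on, JavaScript can no longer read the `csrftoken` cookie, so AJAX code in a generated project that takes the token from the cookie will fail CSRF checks and must read it from the rendered form or template instead. Django's documentation notes that this flag adds little practical protection, so the trade-off deserves a comment above the line, for example `# Blocks JS access to the csrftoken cookie; AJAX must read the token from the DOM`. Separately, the cookie flags are hard-coded while `SECURE_SSL_REDIRECT` and `SECURE_CONTENT_TYPE_NOSNIFF` beside them go through `env.bool(...)`; if that is deliberate (Secure cookies should not be switchable off in production), a one-line comment saying so would prevent a later "consistency" change from weakening it. The rendered page lost the +/- column, so which of these lines the commit adds is inferred from the title and the hunk counts.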