Include secure defaults for django security middleware

Leonardo Jimenez 2016-06-03 12:24:11 -07:00
parent 0efd49203b
commit 0fa5261f4a


@ -78,9 +78,12 @@ SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
SECURE_CONTENT_TYPE_NOSNIFF = env.bool( SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True) 'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
SECURE_BROWSER_XSS_FILTER = True SECURE_BROWSER_XSS_FILTER = True
SESSION_COOKIE_SECURE = False SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_HTTPONLY = True
SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True) SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
X_FRAME_OPTIONS = 'DENY'
# SITE CONFIGURATION # SITE CONFIGURATION
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
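Review bot: The added `CSRF_COOKIE_HTTPONLY = True` stops front-end code from reading the `csrftoken` cookie, so any AJAX client that takes the token from the cookie will start failing CSRF checks. Django's own documentation notes the flag adds little protection, since a script able to read the cookie could read the token from the page anyway. If it stays, add a comment such as `# JS clients must read the CSRF token from the rendered page, not the cookie`. `X_FRAME_OPTIONS = 'DENY'` only takes effect when `django.middleware.clickjacking.XFrameOptionsMiddleware` is in the middleware list, which this hunk does not show, so that is worth confirming. The two `*_COOKIE_SECURE` flags are hard-coded while `SECURE_SSL_REDIRECT` remains overridable through `DJANGO_SECURE_SSL_REDIRECT`; a deployment that turns the redirect off and serves plain HTTP would no longer receive session or CSRF cookies, so a short comment stating that these settings assume HTTPS-only serving would help.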