cookiecutter/cookiecutter-django
1
1
Fork 0
mirror of https://github.com/cookiecutter/cookiecutter-django.git synced 2024-11-11 12:17:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Include secure defaults for django security middleware

Browse Source
This commit is contained in:
Leonardo Jimenez 2016-06-03 12:24:11 -07:00
parent 0efd49203b
commit 0fa5261f4a
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
{{cookiecutter.project_slug}}/config/settings/production.py
View File

@ -78,9 +78,12 @@ SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
SECURE_CONTENT_TYPE_NOSNIFF = env.bool( SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True) 'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
SECURE_BROWSER_XSS_FILTER = True SECURE_BROWSER_XSS_FILTER = True
SESSION_COOKIE_SECURE = False SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_HTTPONLY = True
SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True) SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
X_FRAME_OPTIONS = 'DENY'
# SITE CONFIGURATION # SITE CONFIGURATION
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------