mirror of
https://github.com/cookiecutter/cookiecutter-django.git
synced 2024-11-23 10:04:01 +03:00
Include secure defaults for django security middleware
This commit is contained in:
parent
0efd49203b
commit
0fa5261f4a
|
@ -78,9 +78,12 @@ SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
|
||||||
SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
|
SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
|
||||||
'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
|
'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
|
||||||
SECURE_BROWSER_XSS_FILTER = True
|
SECURE_BROWSER_XSS_FILTER = True
|
||||||
SESSION_COOKIE_SECURE = False
|
SESSION_COOKIE_SECURE = True
|
||||||
SESSION_COOKIE_HTTPONLY = True
|
SESSION_COOKIE_HTTPONLY = True
|
||||||
SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
|
SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
|
||||||
|
CSRF_COOKIE_SECURE = True
|
||||||
|
CSRF_COOKIE_HTTPONLY = True
|
||||||
|
X_FRAME_OPTIONS = 'DENY'
|
||||||
|
|
||||||
# SITE CONFIGURATION
|
# SITE CONFIGURATION
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
|
Loading…
Reference in New Issue
Block a user