mirror of
https://github.com/cookiecutter/cookiecutter-django.git
synced 2025-02-18 12:30:57 +03:00
Settings: Use security settings in dev as well as prod
This commit is contained in:
Carl Johnson
parent
04cb50858b
commit
1753812136
|
|
@ -209,6 +209,17 @@ FIXTURE_DIRS = (
|
||||||
str(APPS_DIR.path('fixtures')),
|
str(APPS_DIR.path('fixtures')),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# SECURITY
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-httponly
|
||||||
|
SESSION_COOKIE_HTTPONLY = True
|
||||||
|
# https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-httponly
|
||||||
|
CSRF_COOKIE_HTTPONLY = True
|
||||||
|
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-browser-xss-filter
|
||||||
|
SECURE_BROWSER_XSS_FILTER = True
|
||||||
|
# https://docs.djangoproject.com/en/dev/ref/settings/#x-frame-options
|
||||||
|
X_FRAME_OPTIONS = 'DENY'
|
||||||
|
|
||||||
# EMAIL
|
# EMAIL
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# https://docs.djangoproject.com/en/dev/ref/settings/#email-backend
|
# https://docs.djangoproject.com/en/dev/ref/settings/#email-backend
|
||||||
|
|
|
||||||
|
|
@ -41,12 +41,8 @@ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||||
SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
|
SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
|
||||||
# https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-secure
|
# https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-secure
|
||||||
SESSION_COOKIE_SECURE = True
|
SESSION_COOKIE_SECURE = True
|
||||||
# https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-httponly
|
|
||||||
SESSION_COOKIE_HTTPONLY = True
|
|
||||||
# https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-secure
|
# https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-secure
|
||||||
CSRF_COOKIE_SECURE = True
|
CSRF_COOKIE_SECURE = True
|
||||||
# https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-httponly
|
|
||||||
CSRF_COOKIE_HTTPONLY = True
|
|
||||||
# https://docs.djangoproject.com/en/dev/topics/security/#ssl-https
|
# https://docs.djangoproject.com/en/dev/topics/security/#ssl-https
|
||||||
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-seconds
|
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-seconds
|
||||||
# TODO: set this to 60 seconds first and then to 518400 once you prove the former works
|
# TODO: set this to 60 seconds first and then to 518400 once you prove the former works
|
||||||
|
|
@ -57,10 +53,6 @@ SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool('DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS
|
||||||
SECURE_HSTS_PRELOAD = env.bool('DJANGO_SECURE_HSTS_PRELOAD', default=True)
|
SECURE_HSTS_PRELOAD = env.bool('DJANGO_SECURE_HSTS_PRELOAD', default=True)
|
||||||
# https://docs.djangoproject.com/en/dev/ref/middleware/#x-content-type-options-nosniff
|
# https://docs.djangoproject.com/en/dev/ref/middleware/#x-content-type-options-nosniff
|
||||||
SECURE_CONTENT_TYPE_NOSNIFF = env.bool('DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
|
SECURE_CONTENT_TYPE_NOSNIFF = env.bool('DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
|
||||||
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-browser-xss-filter
|
|
||||||
SECURE_BROWSER_XSS_FILTER = True
|
|
||||||
# https://docs.djangoproject.com/en/dev/ref/settings/#x-frame-options
|
|
||||||
X_FRAME_OPTIONS = 'DENY'
|
|
||||||
|
|
||||||
# STORAGES
|
# STORAGES
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user