Merge pull request #191 from philippeluickx/master

Middleware security placed in production configuration
2025-02-03 13:14:28 +03:00 · 2015-02-27 11:07:50 +05:30 · 2015-02-27 11:07:50 +05:30 · 195db003fc
commit 195db003fc
parent 10f563abf0 2580dad42d
2 changed files with 9 additions and 1 deletions
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py
@ -57,7 +57,6 @@ class Common(Configuration):
    # MIDDLEWARE CONFIGURATION
    MIDDLEWARE_CLASSES = (
        # Make sure djangosecure.middleware.SecurityMiddleware is listed first
-        'djangosecure.middleware.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py
@ -37,6 +37,15 @@ class Production(Common):
    # django-secure
    INSTALLED_APPS += ("djangosecure", )

+    # MIDDLEWARE CONFIGURATION
+    MIDDLEWARE_CLASSES = (
+        # Make sure djangosecure.middleware.SecurityMiddleware is listed first
+        'djangosecure.middleware.SecurityMiddleware',
+    )
+
+    MIDDLEWARE_CLASSES += Common.MIDDLEWARE_CLASSES
+    # END MIDDLEWARE CONFIGURATION
+
    # set this to 60 seconds and then to 518400 when you can prove it works
    SECURE_HSTS_SECONDS = 60
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)