Middleware security placed in production configuration

2025-01-24 16:24:14 +03:00 · 2015-02-26 17:15:47 +02:00 · 2015-02-26 17:15:47 +02:00 · 2580dad42d
commit 2580dad42d
parent a9a729e500
2 changed files with 9 additions and 1 deletions
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py
@ -57,7 +57,6 @@ class Common(Configuration):
    # MIDDLEWARE CONFIGURATION
    MIDDLEWARE_CLASSES = (
        # Make sure djangosecure.middleware.SecurityMiddleware is listed first
-        'djangosecure.middleware.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py
@ -37,6 +37,15 @@ class Production(Common):
    # django-secure
    INSTALLED_APPS += ("djangosecure", )

+    # MIDDLEWARE CONFIGURATION
+    MIDDLEWARE_CLASSES = (
+        # Make sure djangosecure.middleware.SecurityMiddleware is listed first
+        'djangosecure.middleware.SecurityMiddleware',
+    )
+
+    MIDDLEWARE_CLASSES += Common.MIDDLEWARE_CLASSES
+    # END MIDDLEWARE CONFIGURATION
+
    # set this to 60 seconds and then to 518400 when you can prove it works
    SECURE_HSTS_SECONDS = 60
    SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)