From 2580dad42d62100dd98475013fb88579fcb84797 Mon Sep 17 00:00:00 2001
From: Philippe Luickx
Date: Thu, 26 Feb 2015 17:15:47 +0200
Subject: [PATCH] Middleware security placed in production configuration
---
 .../{{cookiecutter.repo_name}}/config/common.py | 1 -
 .../{{cookiecutter.repo_name}}/config/production.py | 9 +++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py
index 2af88bf9..9ed587c3 100644
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/common.py
@@ -57,7 +57,6 @@ class Common(Configuration):
 # MIDDLEWARE CONFIGURATION
 MIDDLEWARE_CLASSES = (
 # Make sure djangosecure.middleware.SecurityMiddleware is listed first
- 'djangosecure.middleware.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
diff --git a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py
index fa5073e9..5a30893b 100644
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/config/production.py
@@ -37,6 +37,15 @@ class Production(Common):
 # django-secure
 INSTALLED_APPS += ("djangosecure", )
+ # MIDDLEWARE CONFIGURATION
+ MIDDLEWARE_CLASSES = (
+ # Make sure djangosecure.middleware.SecurityMiddleware is listed first
+ 'djangosecure.middleware.SecurityMiddleware',
+ )
+
+ MIDDLEWARE_CLASSES += Common.MIDDLEWARE_CLASSES
+ # END MIDDLEWARE CONFIGURATION
+
 # set this to 60 seconds and then to 518400 when you can prove it works
 SECURE_HSTS_SECONDS = 60
 SECURE_HSTS_INCLUDE_SUBDOMAINS = values.BooleanValue(True)
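Review bot: The comment `# Make sure djangosecure.middleware.SecurityMiddleware is listed first` left as context in the `common.py` hunk now heads a tuple that no longer contains that entry, so the "listed first" guarantee rests only on the prepend done for `Production.MIDDLEWARE_CLASSES` in this hunk. Any other settings class derived from `Common` (a staging configuration, for instance) would run without SecurityMiddleware and so without the redirect and header hardening it applies, and nothing in `Common` says so. Replacing the stale comment with something like `# djangosecure's SecurityMiddleware is prepended in Production and must stay first` would document that. The two-step build could also be a single expression, `MIDDLEWARE_CLASSES = ('djangosecure.middleware.SecurityMiddleware',) + Common.MIDDLEWARE_CLASSES`, which keeps the position of the security entry visible on the assignment itself. The `Production` class body starts before and continues after this hunk.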