From 310b803f29623aa071432d814cf53a51706d0193 Mon Sep 17 00:00:00 2001 From: Alexandr Artemyev Date: Tue, 28 May 2024 14:10:33 +0500 Subject: [PATCH] Enhancing the security of cookies --- {{cookiecutter.project_slug}}/config/settings/production.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/{{cookiecutter.project_slug}}/config/settings/production.py b/{{cookiecutter.project_slug}}/config/settings/production.py index 5a6cbdb1..a650d831 100644 --- a/{{cookiecutter.project_slug}}/config/settings/production.py +++ b/{{cookiecutter.project_slug}}/config/settings/production.py @@ -55,8 +55,12 @@ SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") SECURE_SSL_REDIRECT = env.bool("DJANGO_SECURE_SSL_REDIRECT", default=True) # https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-secure SESSION_COOKIE_SECURE = True +# https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-name +SESSION_COOKIE_NAME = "__Secure-sessionid" # https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-secure CSRF_COOKIE_SECURE = True +# https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-name +CSRF_COOKIE_NAME = "__Secure-csrftoken" # https://docs.djangoproject.com/en/dev/topics/security/#ssl-https # https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-seconds # TODO: set this to 60 seconds first and then to 518400 once you prove the former works