mirror of
https://github.com/cookiecutter/cookiecutter-django.git
synced 2024-11-29 21:14:03 +03:00
Add settings required by SecurityMiddleware
also remove django-secure in prod settings
This commit is contained in:
parent
0fa5261f4a
commit
54575f02de
|
@ -33,9 +33,6 @@ SECRET_KEY = env('DJANGO_SECRET_KEY')
|
|||
# properly on Heroku.
|
||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
|
||||
# django-secure
|
||||
# ------------------------------------------------------------------------------
|
||||
INSTALLED_APPS += ('djangosecure', )
|
||||
{% if cookiecutter.use_sentry == 'y' -%}
|
||||
# raven sentry client
|
||||
# See https://docs.getsentry.com/hosted/clients/python/integrations/django/
|
||||
|
@ -71,6 +68,12 @@ MIDDLEWARE_CLASSES = (
|
|||
'opbeat.contrib.django.middleware.OpbeatAPMMiddleware',
|
||||
) + MIDDLEWARE_CLASSES
|
||||
{%- endif %}
|
||||
|
||||
# SECURITY CONFIGURATION
|
||||
# ------------------------------------------------------------------------------
|
||||
# See https://docs.djangoproject.com/en/1.9/ref/middleware/#module-django.middleware.security
|
||||
# and https://docs.djangoproject.com/ja/1.9/howto/deployment/checklist/#run-manage-py-check-deploy
|
||||
|
||||
# set this to 60 seconds and then to 518400 when you can prove it works
|
||||
SECURE_HSTS_SECONDS = 60
|
||||
SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
|
||||
|
@ -78,11 +81,14 @@ SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
|
|||
SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
|
||||
'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
|
||||
SECURE_BROWSER_XSS_FILTER = True
|
||||
|
||||
SESSION_COOKIE_SECURE = True
|
||||
SESSION_COOKIE_HTTPONLY = True
|
||||
|
||||
SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
|
||||
CSRF_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_HTTPONLY = True
|
||||
|
||||
X_FRAME_OPTIONS = 'DENY'
|
||||
|
||||
# SITE CONFIGURATION
|
||||
|
|
Loading…
Reference in New Issue
Block a user