mirror of
https://github.com/cookiecutter/cookiecutter-django.git
synced 2024-09-21 11:29:08 +03:00
Remove django-secure (#579)
* Eliminate django-secure from requirements and settings files * Include secure defaults for django security middleware * Add settings required by SecurityMiddleware also remove django-secure in prod settings * Eliminate empty spaces generated on Jinja on config/settings/production.py
This commit is contained in:
Leonardo
Daniel Roy Greenfeld
parent
39fe13bea8
commit
907b8ecfbd
|
|
@ -53,7 +53,7 @@ INSTALLED_APPS = DJANGO_APPS + THIRD_PARTY_APPS + LOCAL_APPS
|
||||||
# MIDDLEWARE CONFIGURATION
|
# MIDDLEWARE CONFIGURATION
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
MIDDLEWARE_CLASSES = (
|
MIDDLEWARE_CLASSES = (
|
||||||
# Make sure djangosecure.middleware.SecurityMiddleware is listed first
|
'django.middleware.security.SecurityMiddleware',
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
'django.middleware.common.CommonMiddleware',
|
'django.middleware.common.CommonMiddleware',
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
|
|
|
||||||
|
|
@ -29,40 +29,26 @@ from .common import * # noqa
|
||||||
# Raises ImproperlyConfigured exception if DJANGO_SECRET_KEY not in os.environ
|
# Raises ImproperlyConfigured exception if DJANGO_SECRET_KEY not in os.environ
|
||||||
SECRET_KEY = env('DJANGO_SECRET_KEY')
|
SECRET_KEY = env('DJANGO_SECRET_KEY')
|
||||||
|
|
||||||
|
|
||||||
# This ensures that Django will be able to detect a secure connection
|
# This ensures that Django will be able to detect a secure connection
|
||||||
# properly on Heroku.
|
# properly on Heroku.
|
||||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||||
|
{%- if cookiecutter.use_sentry == 'y'-%}
|
||||||
# django-secure
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
INSTALLED_APPS += ('djangosecure', )
|
|
||||||
{% if cookiecutter.use_sentry == 'y' -%}
|
|
||||||
# raven sentry client
|
# raven sentry client
|
||||||
# See https://docs.getsentry.com/hosted/clients/python/integrations/django/
|
# See https://docs.getsentry.com/hosted/clients/python/integrations/django/
|
||||||
INSTALLED_APPS += ('raven.contrib.django.raven_compat', )
|
INSTALLED_APPS += ('raven.contrib.django.raven_compat', )
|
||||||
{%- endif %}
|
{% endif %}
|
||||||
SECURITY_MIDDLEWARE = (
|
{%- if cookiecutter.use_whitenoise == 'y' %}
|
||||||
'djangosecure.middleware.SecurityMiddleware',
|
|
||||||
)
|
|
||||||
{% if cookiecutter.use_whitenoise == 'y' -%}
|
|
||||||
# Use Whitenoise to serve static files
|
# Use Whitenoise to serve static files
|
||||||
# See: https://whitenoise.readthedocs.io/
|
# See: https://whitenoise.readthedocs.io/
|
||||||
WHITENOISE_MIDDLEWARE = (
|
WHITENOISE_MIDDLEWARE = ('whitenoise.middleware.WhiteNoiseMiddleware', )
|
||||||
'whitenoise.middleware.WhiteNoiseMiddleware',
|
|
||||||
)
|
|
||||||
MIDDLEWARE_CLASSES = WHITENOISE_MIDDLEWARE + MIDDLEWARE_CLASSES
|
MIDDLEWARE_CLASSES = WHITENOISE_MIDDLEWARE + MIDDLEWARE_CLASSES
|
||||||
{%- endif %}
|
{% endif %}
|
||||||
{% if cookiecutter.use_sentry == 'y' -%}
|
{%- if cookiecutter.use_sentry == 'y' -%}
|
||||||
RAVEN_MIDDLEWARE = (
|
RAVEN_MIDDLEWARE = ('raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware', )
|
||||||
'raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware',
|
|
||||||
)
|
|
||||||
MIDDLEWARE_CLASSES = RAVEN_MIDDLEWARE + MIDDLEWARE_CLASSES
|
MIDDLEWARE_CLASSES = RAVEN_MIDDLEWARE + MIDDLEWARE_CLASSES
|
||||||
{%- endif %}
|
{% endif %}
|
||||||
|
{%- if cookiecutter.use_opbeat == 'y' -%}
|
||||||
# Make sure djangosecure.middleware.SecurityMiddleware is listed first
|
|
||||||
MIDDLEWARE_CLASSES = SECURITY_MIDDLEWARE + MIDDLEWARE_CLASSES
|
|
||||||
|
|
||||||
{% if cookiecutter.use_opbeat == 'y' -%}
|
|
||||||
# opbeat integration
|
# opbeat integration
|
||||||
# See https://opbeat.com/languages/django/
|
# See https://opbeat.com/languages/django/
|
||||||
INSTALLED_APPS += ('opbeat.contrib.django',)
|
INSTALLED_APPS += ('opbeat.contrib.django',)
|
||||||
|
|
@ -74,7 +60,13 @@ OPBEAT = {
|
||||||
MIDDLEWARE_CLASSES = (
|
MIDDLEWARE_CLASSES = (
|
||||||
'opbeat.contrib.django.middleware.OpbeatAPMMiddleware',
|
'opbeat.contrib.django.middleware.OpbeatAPMMiddleware',
|
||||||
) + MIDDLEWARE_CLASSES
|
) + MIDDLEWARE_CLASSES
|
||||||
{%- endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
# SECURITY CONFIGURATION
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# See https://docs.djangoproject.com/en/1.9/ref/middleware/#module-django.middleware.security
|
||||||
|
# and https://docs.djangoproject.com/ja/1.9/howto/deployment/checklist/#run-manage-py-check-deploy
|
||||||
|
|
||||||
# set this to 60 seconds and then to 518400 when you can prove it works
|
# set this to 60 seconds and then to 518400 when you can prove it works
|
||||||
SECURE_HSTS_SECONDS = 60
|
SECURE_HSTS_SECONDS = 60
|
||||||
SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
|
SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
|
||||||
|
|
@ -82,9 +74,12 @@ SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
|
||||||
SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
|
SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
|
||||||
'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
|
'DJANGO_SECURE_CONTENT_TYPE_NOSNIFF', default=True)
|
||||||
SECURE_BROWSER_XSS_FILTER = True
|
SECURE_BROWSER_XSS_FILTER = True
|
||||||
SESSION_COOKIE_SECURE = False
|
SESSION_COOKIE_SECURE = True
|
||||||
SESSION_COOKIE_HTTPONLY = True
|
SESSION_COOKIE_HTTPONLY = True
|
||||||
SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
|
SECURE_SSL_REDIRECT = env.bool('DJANGO_SECURE_SSL_REDIRECT', default=True)
|
||||||
|
CSRF_COOKIE_SECURE = True
|
||||||
|
CSRF_COOKIE_HTTPONLY = True
|
||||||
|
X_FRAME_OPTIONS = 'DENY'
|
||||||
|
|
||||||
# SITE CONFIGURATION
|
# SITE CONFIGURATION
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
|
@ -95,6 +90,7 @@ ALLOWED_HOSTS = env.list('DJANGO_ALLOWED_HOSTS', default=['{{cookiecutter.domain
|
||||||
|
|
||||||
INSTALLED_APPS += ('gunicorn', )
|
INSTALLED_APPS += ('gunicorn', )
|
||||||
|
|
||||||
|
|
||||||
# STORAGE CONFIGURATION
|
# STORAGE CONFIGURATION
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Uploaded Media Files
|
# Uploaded Media Files
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,6 @@ django==1.9.6
|
||||||
|
|
||||||
# Configuration
|
# Configuration
|
||||||
django-environ==0.4.0
|
django-environ==0.4.0
|
||||||
django-secure==1.0.1
|
|
||||||
{% if cookiecutter.use_whitenoise == 'y' -%}
|
{% if cookiecutter.use_whitenoise == 'y' -%}
|
||||||
whitenoise==3.0
|
whitenoise==3.0
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user