cookiecutter/cookiecutter-django
1
1
Fork 0
mirror of https://github.com/cookiecutter/cookiecutter-django.git synced 2025-08-15 17:34:52 +03:00
Code Issues Packages Projects Releases Wiki Activity

add commented out security settings if using docker

Browse Source
This commit is contained in:
James Williams 2020-11-28 22:23:51 +00:00
parent 0c7cc387ba
commit c9d67c38e5
No known key found for this signature in database
GPG Key ID: 7809F159246C673E
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
{{cookiecutter.project_slug}}/config/settings/production.py
View File

@ -45,6 +45,22 @@ CACHES = {
# ------------------------------------------------------------------------------
{% if cookiecutter.use_docker -%}
# NOTE headers are managed by the security-headers middleware in traefik.yml
# Uncomment the following if you are not using Traefik
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-ssl-redirect
# SECURE_SSL_REDIRECT = env.bool("DJANGO_SECURE_SSL_REDIRECT", default=True)
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-seconds
# TODO increase this to *at least* 31536000 (1 year) once HTTPS works
# SECURE_HSTS_SECONDS = 60
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-include-subdomains
# SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
# "DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS", default=True
# )
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-preload
# SECURE_HSTS_PRELOAD = env.bool("DJANGO_SECURE_HSTS_PRELOAD", default=True)
# https://docs.djangoproject.com/en/dev/ref/middleware/#x-content-type-options-nosniff
# SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
# "DJANGO_SECURE_CONTENT_TYPE_NOSNIFF", default=True
# )
{% else -%}
# TODO set security headers in your load balancer if possible and remove these
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-ssl-redirect