Conservancy/symposion_app
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Configure Django production security settings

Browse source
This commit is contained in:
Ben Sturmfels 2023-04-24 17:19:56 +10:00
parent e6533e541d
commit 3a51efd597
Signed by: bsturmfels
GPG key ID: 023C05E2C9C068F0
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
pinaxcon/settings.py
View file

@ -608,3 +608,20 @@ ACCOUNT_SIGNUP_REDIRECT_URL = '/dashboard/'
ACCOUNT_LOGIN_REDIRECT_URL = '/dashboard/' ACCOUNT_LOGIN_REDIRECT_URL = '/dashboard/'
ADMINS = [('', email) for email in os.environ.get('DJANGO_ADMINS', '').split(',') if email] ADMINS = [('', email) for email in os.environ.get('DJANGO_ADMINS', '').split(',') if email]
# Django recommended security settings.
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
SECURE_SSL_REDIRECT = True
SECURE_BROWSER_XSS_FILTER = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
X_FRAME_OPTIONS = 'DENY'
SILENCED_SYSTEM_CHECKS = [
# HSTS is handled by Nginx.
'security.W004',
# Don't want to preload HSTS at this stage.
'security.W021']