Configure Django production security settings
This commit is contained in:
parent
e6533e541d
commit
3a51efd597
GPG key ID:
023C05E2C9C068F0
1 changed files with 17 additions and 0 deletions
|
|
@ -608,3 +608,20 @@ ACCOUNT_SIGNUP_REDIRECT_URL = '/dashboard/'
|
|||
ACCOUNT_LOGIN_REDIRECT_URL = '/dashboard/'
|
||||
|
||||
ADMINS = [('', email) for email in os.environ.get('DJANGO_ADMINS', '').split(',') if email]
|
||||
|
||||
# Django recommended security settings.
|
||||
SECURE_CONTENT_TYPE_NOSNIFF = True
|
||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
|
||||
SECURE_SSL_REDIRECT = True
|
||||
SECURE_BROWSER_XSS_FILTER = True
|
||||
SESSION_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_HTTPONLY = True
|
||||
X_FRAME_OPTIONS = 'DENY'
|
||||
|
||||
|
||||
SILENCED_SYSTEM_CHECKS = [
|
||||
# HSTS is handled by Nginx.
|
||||
'security.W004',
|
||||
# Don't want to preload HSTS at this stage.
|
||||
'security.W021']
|
||||
|
|
|
|||
Loading…
Reference in a new issue