Conservancy/symposion_app
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Only apply Django security settings in production

Browse source
This commit is contained in:
Ben Sturmfels 2023-04-24 17:52:55 +10:00
parent 743a4f678a
commit 3e21ee85d0
Signed by: bsturmfels
GPG key ID: 023C05E2C9C068F0
1 changed files with 15 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
pinaxcon/settings.py
View file

@ -609,6 +609,7 @@ ACCOUNT_LOGIN_REDIRECT_URL = '/dashboard/'
ADMINS = [('', email) for email in os.environ.get('DJANGO_ADMINS', '').split(',') if email] ADMINS = [('', email) for email in os.environ.get('DJANGO_ADMINS', '').split(',') if email]
if not DEBUG:
# Django recommended security settings. # Django recommended security settings.
SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')