Only apply Django security settings in production

This commit is contained in:
Ben Sturmfels 2023-04-24 17:52:55 +10:00
parent 743a4f678a
commit 3e21ee85d0
Signed by: bsturmfels
GPG key ID: 023C05E2C9C068F0


@ -609,19 +609,20 @@ ACCOUNT_LOGIN_REDIRECT_URL = '/dashboard/'
ADMINS = [('', email) for email in os.environ.get('DJANGO_ADMINS', '').split(',') if email] ADMINS = [('', email) for email in os.environ.get('DJANGO_ADMINS', '').split(',') if email]
# Django recommended security settings. if not DEBUG:
SECURE_CONTENT_TYPE_NOSNIFF = True # Django recommended security settings.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_SSL_REDIRECT = True SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')
SECURE_BROWSER_XSS_FILTER = True SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True SECURE_BROWSER_XSS_FILTER = True
CSRF_COOKIE_SECURE = True SESSION_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True CSRF_COOKIE_SECURE = True
X_FRAME_OPTIONS = 'DENY' CSRF_COOKIE_HTTPONLY = True
X_FRAME_OPTIONS = 'DENY'
SILENCED_SYSTEM_CHECKS = [ SILENCED_SYSTEM_CHECKS = [
# HSTS is handled by Nginx. # HSTS is handled by Nginx.
'security.W004', 'security.W004',
# Don't want to preload HSTS at this stage. # Don't want to preload HSTS at this stage.
'security.W021'] 'security.W021']
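Review bot: Keying the whole hardening block on `if not DEBUG:` (the new line printed beside the old comment at the top of the hunk) means a production host that is accidentally started with DEBUG=True now also loses SECURE_SSL_REDIRECT, the Secure cookie flags and X_FRAME_OPTIONS, so the two misconfigurations compound; reading an explicit deployment flag from the environment, the way `DJANGO_ADMINS` is read just above, would keep these settings independent of the debug toggle. `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')` is carried over unchanged but now only applies in production, and Django treats that header as trustworthy only when the reverse proxy sets or strips it on every request; with SECURE_SSL_REDIRECT enabled, a proxy that sends a differently named header (Django's usual one is X-Forwarded-Proto) produces a redirect loop. A comment such as `# Trusted only because the proxy (Nginx, per the HSTS note below) overwrites X-Forwarded-Protocol on every request; keep in sync with the proxy config.` would record that dependency. SECURE_BROWSER_XSS_FILTER was deprecated in Django 3.0 and removed in 4.0, so depending on the Django version in use that line may be a no-op that could be dropped.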