Only apply Django security settings in production

2023-04-24 17:52:55 +10:00 · 2023-04-24 17:52:55 +10:00 · 3e21ee85d0
commit 3e21ee85d0
parent 743a4f678a
1 changed files with 15 additions and 14 deletions
--- a/pinaxcon/settings.py
+++ b/pinaxcon/settings.py
@ -609,6 +609,7 @@ ACCOUNT_LOGIN_REDIRECT_URL = '/dashboard/'

 ADMINS = [('', email) for email in os.environ.get('DJANGO_ADMINS', '').split(',') if email]

+if not DEBUG:
    # Django recommended security settings.
    SECURE_CONTENT_TYPE_NOSNIFF = True
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')