diff options
| author | Étienne Loks <etienne.loks@iggdrasil.net> | 2023-03-21 09:10:01 +0100 |
|---|---|---|
| committer | Étienne Loks <etienne.loks@iggdrasil.net> | 2023-03-21 09:10:01 +0100 |
| commit | 05911c88dacbc5dd974fa5697dd08e9ab1d35d1d (patch) | |
| tree | 77f9f5c3da85a7f0f1bf8d283f94933aa133dd39 | |
| parent | 63958b79f76e0840ba017321e4253d790f85d14f (diff) | |
| download | Ishtar-05911c88dacbc5dd974fa5697dd08e9ab1d35d1d.tar.bz2 Ishtar-05911c88dacbc5dd974fa5697dd08e9ab1d35d1d.zip | |
Add security settings
| -rw-r--r-- | example_project/settings.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/example_project/settings.py b/example_project/settings.py index cd0d51557..0aafbdf90 100644 --- a/example_project/settings.py +++ b/example_project/settings.py @@ -447,14 +447,16 @@ if SENTRY_ID and sentry_sdk: if ISHTAR_SECURE_OPTIONS: # verify https is ok before activating - SESSION_COOKIE_SECURE = True MIDDLEWARE += [ "django.middleware.security.SecurityMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware", ] SECURE_HSTS_SECONDS = 31536000 + SECURE_HSTS_PRELOAD = True + SECURE_HSTS_INCLUDE_SUBDOMAINS = True SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_BROWSER_XSS_FILTER = True SECURE_SSL_REDIRECT = True + SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True X_FRAME_OPTIONS = "DENY" |