From 66c343421980b5ce301eaa202d5090d6f45833ab Mon Sep 17 00:00:00 2001
From: Étienne Loks
Date: Fri, 17 Mar 2023 16:03:02 +0100
Subject: settings: add "ISHTAR_SECURE_OPTIONS" to activate Django secured options
---
 example_project/settings.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
(limited to 'example_project')
diff --git a/example_project/settings.py b/example_project/settings.py
index 8248b6713..cd0d51557 100644
--- a/example_project/settings.py
+++ b/example_project/settings.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 # Django settings for ishtar project.
@@ -291,6 +291,7 @@ ISHTAR_DOC_TYPES = {"undefined": "Undefined"}
 ISHTAR_SEARCH_LANGUAGE = "french"
 ISHTAR_SECURE = True
+ISHTAR_SECURE_OPTIONS = False
 ISHTAR_DPTS = []
 MAX_ATTEMPTS = 1 # django background tasks
@@ -442,3 +443,18 @@ if SENTRY_ID and sentry_sdk:
 send_default_pii=True,
 release=get_version() + "-" + EXTRA_VERSION
 )
+
+
+if ISHTAR_SECURE_OPTIONS:
+ # verify https is ok before activating
+ SESSION_COOKIE_SECURE = True
+ MIDDLEWARE += [
+ "django.middleware.security.SecurityMiddleware",
+ "django.middleware.clickjacking.XFrameOptionsMiddleware",
+ ]
+ SECURE_HSTS_SECONDS = 31536000
+ SECURE_CONTENT_TYPE_NOSNIFF = True
+ SECURE_BROWSER_XSS_FILTER = True
+ SECURE_SSL_REDIRECT = True
+ CSRF_COOKIE_SECURE = True
+ X_FRAME_OPTIONS = "DENY"
-- 
cgit v1.2.3
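Review bot: `ISHTAR_SECURE_OPTIONS = False` sits directly under `ISHTAR_SECURE = True` with nothing to tell the two flags apart, and the new one defaults to off, so a deployment gets none of the cookie, HSTS or framing settings unless someone knows to flip it. A comment on the line would help, for example `# set to True once HTTPS is working: enables secure cookies, HSTS, SSL redirect and X-Frame-Options (block at end of file)`. Whether a local settings override is read before the `if ISHTAR_SECURE_OPTIONS:` block at the end of the file is not visible in this hunk and should be checked, otherwise overriding the flag there has no effect.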
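Review bot: `MIDDLEWARE += [...]` places `SecurityMiddleware` at the end of the list, so with `SECURE_SSL_REDIRECT = True` a plain-HTTP request runs through every other middleware before it is redirected, and a response short-circuited by an earlier middleware never receives the HSTS and nosniff headers. Django's ordering guidance puts it near the top; `MIDDLEWARE = ["django.middleware.security.SecurityMiddleware", *MIDDLEWARE, "django.middleware.clickjacking.XFrameOptionsMiddleware"]` would do that, assuming neither entry is already in the list, which is defined outside this hunk. The comment `# verify https is ok before activating` could also say what to verify: behind a TLS-terminating proxy `SECURE_PROXY_SSL_HEADER` has to be set or the redirect loops, and a one-year `SECURE_HSTS_SECONDS` is hard to roll back, so a short value first is safer. `X_FRAME_OPTIONS` and `SECURE_CONTENT_TYPE_NOSNIFF` do not depend on HTTPS and may be worth enabling outside this flag.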