diff options
| author | Philip Sargent <philip.sargent@klebos.com> | 2022-03-16 11:02:54 +0000 |
|---|---|---|
| committer | Philip Sargent <philip.sargent@klebos.com> | 2022-03-16 11:02:54 +0000 |
| commit | 60fc66cdf5e359d0bfd82a306ff3a99d2089fc93 (patch) | |
| tree | cd2ce115da2922c65d9e79756d068a1785c7754e /security-warnings.txt | |
| parent | d3ddcba313c2cd677a1c9106f2d64c98e52c8f04 (diff) | |
| download | troggle-60fc66cdf5e359d0bfd82a306ff3a99d2089fc93.tar.gz troggle-60fc66cdf5e359d0bfd82a306ff3a99d2089fc93.tar.bz2 troggle-60fc66cdf5e359d0bfd82a306ff3a99d2089fc93.zip | |
package updates for Django 3.2
Diffstat (limited to 'security-warnings.txt')
| -rw-r--r-- | security-warnings.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security-warnings.txt b/security-warnings.txt index db85a63..11f4f2c 100644 --- a/security-warnings.txt +++ b/security-warnings.txt @@ -1,7 +1,7 @@ System check identified some issues: WARNINGS: -?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect. +?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, SECURE_REFERRER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect. ?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. ?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token. ?: (security.W018) You should not have DEBUG set to True in deployment. |