diff options
| author | Philip Sargent <philip.sargent@klebos.com> | 2021-04-26 18:42:10 +0100 |
|---|---|---|
| committer | Philip Sargent <philip.sargent@klebos.com> | 2021-04-26 18:42:10 +0100 |
| commit | d43ce1bdb278c021d18e9a5af26f68dc2711c7f1 (patch) | |
| tree | 6da5c238304ee8d14103f9debe30f7d39eafe57d /security-warnings.txt | |
| parent | bd647b99ec7bd4ae9d3b8b7a6f5b0c274f90bb2e (diff) | |
| download | troggle-d43ce1bdb278c021d18e9a5af26f68dc2711c7f1.tar.gz troggle-d43ce1bdb278c021d18e9a5af26f68dc2711c7f1.tar.bz2 troggle-d43ce1bdb278c021d18e9a5af26f68dc2711c7f1.zip | |
rename TUNNEL_DATA as DRAWINGS_DATA
Diffstat (limited to 'security-warnings.txt')
| -rw-r--r-- | security-warnings.txt | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security-warnings.txt b/security-warnings.txt index 6c90561..edfad59 100644 --- a/security-warnings.txt +++ b/security-warnings.txt @@ -2,9 +2,9 @@ System check identified some issues: WARNINGS: ?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect. -?: (security.W002) You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks. -?: (security.W003) You don't appear to be using Django's built-in cross-site request forgery protection via the middleware ('django.middleware.csrf.CsrfViewMiddleware' is not in your MIDDLEWARE). Enabling the middleware is the safest approach to ensure you don't leave any holes. -?: (security.W010) You have 'django.contrib.sessions' in your INSTALLED_APPS, but you have not set SESSION_COOKIE_SECURE to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. +?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. +?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token. ?: (security.W018) You should not have DEBUG set to True in deployment. +?: (security.W019) You have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'. System check identified 5 issues (0 silenced). |