authorPhilip Sargent <philip.sargent@klebos.com>2020-07-28 01:46:00 +0100
committerPhilip Sargent <philip.sargent@klebos.com>2020-07-28 01:46:00 +0100
commit42456e8e98bee298f874cd2e7f90d0666965807b (patch)
tree5a03520f3ff95a56670f33f5c158f649aed02410 /settings.py
parent0094cf7054c839d5ff62e970c85e2de3f4c6334d (diff)
fix server instructions + comment in stats output
Diffstat (limited to 'settings.py')
-rw-r--r--settings.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/settings.py b/settings.py
index 78550d8..6c1bec1 100644
--- a/settings.py
+++ b/settings.py
@@ -100,7 +100,7 @@ SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
#SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel
CSRF_COOKIE_SECURE = True
-X_FRAME_OPTIONS = 'SAMEORIGIN' # change to "DENY" after we eliminate all the iframes in use.
+X_FRAME_OPTIONS = 'SAMEORIGIN' # change to "DENY" after we eliminate all the iframes e.g. /xmlvalid.html
INSTALLED_APPS = (
'django.contrib.admin',
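Review bot: The session cookie is still issued without the Secure flag in this block: `SESSION_COOKIE_SECURE` remains commented out two lines above the edited `X_FRAME_OPTIONS` line while `CSRF_COOKIE_SECURE = True` is set, so the two cookies are protected inconsistently and a session id can travel over plain HTTP wherever the site is reachable without TLS. The existing remark says enabling it breaks the control-panel login, which presumably means that login is served over HTTP or behind a proxy that hides the scheme; that is worth confirming and recording, e.g. `#SESSION_COOKIE_SECURE = True # TODO: enable once the admin login is confirmed to run over HTTPS`. On the edited line itself, tagging the deferred hardening as `# TODO: change to "DENY" ...` would make it easier to find once /xmlvalid.html and the other iframes are gone. Whether `django.middleware.security.SecurityMiddleware` is installed, which the `SECURE_*` settings need in order to take effect, cannot be seen from this hunk.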
@@ -124,7 +124,7 @@ MIDDLEWARE_CLASSES = (
'django.contrib.auth.middleware.AuthenticationMiddleware', # Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest
'django.contrib.admindocs.middleware.XViewMiddleware',
'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
- 'django.middleware.clickjacking.XFrameOptionsMiddleware', # lickjacking protection via the X-Frame-Options header
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware', # clickjacking protection via the X-Frame-Options header
'troggle.middleware.SmartAppendSlashMiddleware' # Outdated & unneeded?
)