author | Philip Sargent <philip.sargent@klebos.com> | 2020-06-20 23:08:34 +0100 |
committer | Philip Sargent <philip.sargent@klebos.com> | 2020-06-20 23:08:34 +0100 |
commit | f3232cc5df9e28a7c13920c2198745afbb3cb944 (patch) | |
tree | 4e0bdc1beedbacdb7da21f76315801328457bff6 /settings.py | |
parent | 477a289c2e413af2606c1095d4cb43dbb91c916e (diff) | |
More security, middleware upgrade, dj-reg.2.5
Diffstat (limited to 'settings.py')
-rw-r--r-- | settings.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/settings.py b/settings.py
index 51c2633..83ce1b3 100644
--- a/settings.py
+++ b/settings.py
@@ -95,6 +95,11 @@ SMART_APPEND_SLASH = True
 SECRET_KEY = "not-the-real-secret-key-a#vaeozn0---^fj!355qki*vj2"
 LOGIN_REDIRECT_URL = '/'
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_BROWSER_XSS_FILTER = True
+#SESSION_COOKIE_SECURE = True # if enabled, cannot login to Django control panel
+CSRF_COOKIE_SECURE = True
+X_FRAME_OPTIONS = 'SAMEORIGIN' # change to "DENY" after we eliminate all the iframes in use.
 INSTALLED_APPS = (
 'django.contrib.admin',
@@ -102,7 +107,7 @@ INSTALLED_APPS = (
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
-# 'django.contrib.staticfiles',
+# 'django.contrib.staticfiles', # apparently not working. Using workarounds with flatpages
 'registration',
 'troggle.profiles',
 'troggle.core',
@@ -110,6 +115,7 @@ INSTALLED_APPS = (
 )
 MIDDLEWARE_CLASSES = (
+ 'django.middleware.security.SecurityMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
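Review bot: The first hunk marks the CSRF cookie Secure but leaves `SESSION_COOKIE_SECURE` commented out, so the cookie that actually carries the login (sessionid) is still sent over plain HTTP while the less valuable CSRF cookie is protected; that is the inverse of the priority you want. The comment "cannot login to Django control panel" suggests the admin is reached over HTTP, or that TLS terminates at a proxy and Django never sees the request as secure — in the proxy case the fix is `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` plus `SECURE_SSL_REDIRECT = True`, after which `SESSION_COOKIE_SECURE = True` can be enabled rather than left off. I would also record in the comment that `X_FRAME_OPTIONS` only takes effect when `XFrameOptionsMiddleware` is in the middleware list, which this diff does not show, and that `SECURE_BROWSER_XSS_FILTER` sets a header modern browsers ignore and Django later deprecated, so it should not be relied on. The placeholder `SECRET_KEY` is unchanged context here, but if a deployment ever runs with it, every session and CSRF token is forgeable; a short comment pointing at where the real key is loaded from would help the next reader verify that.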
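Review bot: The third hunk adds `SecurityMiddleware` to `MIDDLEWARE_CLASSES`, which is the pre-Django-1.10 setting; if this project has already defined a `MIDDLEWARE` list elsewhere (not visible in this diff), this tuple is ignored and none of the new `SECURE_*` settings take effect, so it is worth confirming which setting the deployed Django version honours. Placing it first is correct, since it needs to act before any other middleware emits a response. The `MIDDLEWARE_CLASSES` tuple continues past the end of the hunk.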