diff options
Diffstat (limited to 'security-warnings.txt')
| -rw-r--r-- | security-warnings.txt | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/security-warnings.txt b/security-warnings.txt index edfad59..db85a63 100644 --- a/security-warnings.txt +++ b/security-warnings.txt @@ -5,6 +5,5 @@ WARNINGS: ?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. ?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token. ?: (security.W018) You should not have DEBUG set to True in deployment. -?: (security.W019) You have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'. -System check identified 5 issues (0 silenced). +System check identified 4 issues (0 silenced). |