summaryrefslogtreecommitdiffstats
path: root/security-warnings.txt
diff options
context:
space:
mode:
Diffstat (limited to 'security-warnings.txt')
-rw-r--r--security-warnings.txt2
1 files changed, 1 insertions, 1 deletions
diff --git a/security-warnings.txt b/security-warnings.txt
index db85a63..11f4f2c 100644
--- a/security-warnings.txt
+++ b/security-warnings.txt
@@ -1,7 +1,7 @@
System check identified some issues:
WARNINGS:
-?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, and SECURE_SSL_REDIRECT settings will have no effect.
+?: (security.W001) You do not have 'django.middleware.security.SecurityMiddleware' in your MIDDLEWARE so the SECURE_HSTS_SECONDS, SECURE_CONTENT_TYPE_NOSNIFF, SECURE_BROWSER_XSS_FILTER, SECURE_REFERRER_POLICY, and SECURE_SSL_REDIRECT settings will have no effect.
?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.
?: (security.W018) You should not have DEBUG set to True in deployment.
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-07 23:25:12 +0000