summaryrefslogtreecommitdiffstats
path: root/security-warnings.txt
diff options
context:
space:
mode:
Diffstat (limited to 'security-warnings.txt')
-rw-r--r--security-warnings.txt9
1 files changed, 9 insertions, 0 deletions
diff --git a/security-warnings.txt b/security-warnings.txt
new file mode 100644
index 0000000..8b82451
--- /dev/null
+++ b/security-warnings.txt
@@ -0,0 +1,9 @@
+System check identified some issues:
+
+WARNINGS:
+?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
+?: (security.W008) Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
+?: (security.W018) You should not have DEBUG set to True in deployment.
+?: (security.W019) You have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE_CLASSES, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.
+
+System check identified 4 issues (0 silenced).
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-10 10:26:39 +0000