MàJ de l'environnement de production pour la sécurité des cookies, HSTS, etc.

2018-02-03 19:40:52 +01:00 · 2018-02-03 19:40:52 +01:00 · 5e1c32a2ff
commit 5e1c32a2ff
parent bb52c3c19b
1 changed files with 11 additions and 0 deletions
--- a/collection/collection/environments/production.py
+++ b/collection/collection/environments/production.py
@ -32,3 +32,14 @@ DATABASES = {
        'PORT': os.getenv('POSTGRES_PORT', '5432'),
    }
 }
+
+# Security
+SECURE_HSTS_SECONDS = 3600
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_SSL_REDIRECT = True
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+X_FRAME_OPTIONS = 'DENY'