From 5e1c32a2ff70c8ea87e05e95873c329b69634e33 Mon Sep 17 00:00:00 2001
From: Olivier DOSSMANN
Date: Sat, 3 Feb 2018 19:40:52 +0100
Subject: [PATCH] =?UTF-8?q?M=C3=A0J=20de=20l'environnement=20de=20producti?=
 =?UTF-8?q?on=20pour=20la=20s=C3=A9curit=C3=A9=20des=20cookies,=20HSTS,=20?=
 =?UTF-8?q?etc.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 collection/collection/environments/production.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/collection/collection/environments/production.py b/collection/collection/environments/production.py
index ceb3716..a7217a3 100644
--- a/collection/collection/environments/production.py
+++ b/collection/collection/environments/production.py
@@ -32,3 +32,14 @@ DATABASES = {
         'PORT': os.getenv('POSTGRES_PORT', '5432'),
     }
 }
+
+# Security
+SECURE_HSTS_SECONDS = 3600
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_SSL_REDIRECT = True
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+X_FRAME_OPTIONS = 'DENY'
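Review bot: `SECURE_HSTS_PRELOAD = True` is paired with `SECURE_HSTS_SECONDS = 3600`, but the browser preload list only accepts a max-age of at least one year, so the `preload` directive does nothing at this value; either raise it once every subdomain is confirmed to serve HTTPS (`SECURE_HSTS_SECONDS = 31536000`) or keep `SECURE_HSTS_PRELOAD = False` until then, because includeSubDomains plus preload is effectively irreversible for the max-age window and a misconfigured subdomain becomes unreachable. A short comment above the block, such as `# HSTS: raise to 31536000 and enable preload only after all subdomains are verified on HTTPS`, would record that intent for the next maintainer. `SECURE_SSL_REDIRECT = True` produces a redirect loop when TLS is terminated by a reverse proxy in front of Django, which the environment-driven database settings suggest is plausible here; in that deployment `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` is required alongside it and the proxy must overwrite that header on every request rather than pass a client-supplied value through. None of these settings take effect unless `django.middleware.security.SecurityMiddleware` is present in MIDDLEWARE, which is outside this hunk and worth confirming in the base settings.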