MàJ de l'environnement de production pour la sécurité des cookies, HSTS, etc.

Olivier DOSSMANN 2018-02-03 19:40:52 +01:00
parent bb52c3c19b
commit 5e1c32a2ff


@ -32,3 +32,14 @@ DATABASES = {
'PORT': os.getenv('POSTGRES_PORT', '5432'), 'PORT': os.getenv('POSTGRES_PORT', '5432'),
} }
} }
# Security
SECURE_HSTS_SECONDS = 3600
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
X_FRAME_OPTIONS = 'DENY'
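Review bot: `SECURE_HSTS_PRELOAD = True` is paired with `SECURE_HSTS_SECONDS = 3600`, so the header advertises `preload` with a one-hour max-age, which is far below the one-year minimum (31536000) that the browser preload list requires. If the short value is a deliberate ramp-up, say so in a comment such as `# 1 h while HTTPS is validated on every subdomain; raise to 31536000 before submitting for preload`, and consider leaving `SECURE_HSTS_PRELOAD` off until then, since `includeSubDomains` plus preload is hard to roll back. `SECURE_SSL_REDIRECT = True` also deserves a check: if this deployment terminates TLS at a reverse proxy (not visible in this hunk), `SECURE_PROXY_SSL_HEADER` must be set, and the proxy must strip any client-supplied copy of that header, otherwise the redirect loops or the scheme can be spoofed. These `SECURE_*` values and `X_FRAME_OPTIONS` only take effect when `SecurityMiddleware` and `XFrameOptionsMiddleware` are in `MIDDLEWARE`, which lies outside the lines shown.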