Inicio Explorar Ayuda
Iniciar sesión
CityApper
/
wagtail_bakerydemo
espejo de https://github.com/wagtail/bakerydemo.git
2
0
Fork 0
Archivos Incidencias 0 Wiki
Explorar el Código

Add some security-based settings to production config

Jake Howard hace 2 años
padre
d7a607a26e
commit
209a906e1c
Se han modificado 1 ficheros con 45 adiciones y 0 borrados
Dividir vista Mostrar estadísticas de diff
  1. 45 0
      bakerydemo/settings/production.py

+ 45 - 0
bakerydemo/settings/production.py
Ver fichero 

@@ -248,3 +248,48 @@ if os.environ.get("BASIC_AUTH_ENABLED", "false").lower().strip() == "true":
 
         ].split(",")
 
 
     BASIC_AUTH_RESPONSE_TEMPLATE = "base/basic_auth.html"
 
+
 
+
 
+# Force HTTPS redirect (enabled by default!)
 
+# https://docs.djangoproject.com/en/stable/ref/settings/#secure-ssl-redirect
 
+SECURE_SSL_REDIRECT = True
 
+
 
+# This will allow the cache to swallow the fact that the website is behind TLS
 
+# and inform the Django using "X-Forwarded-Proto" HTTP header.
 
+# https://docs.djangoproject.com/en/stable/ref/settings/#secure-proxy-ssl-header
 
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 
+
 
+# This is a setting activating the HSTS header. This will enforce the visitors to use
 
+# HTTPS for an amount of time specified in the header. Since we are expecting our apps
 
+# to run via TLS by default, this header is activated by default.
 
+# The header can be deactivated by setting this setting to 0, as it is done in the
 
+# dev and testing settings.
 
+# https://docs.djangoproject.com/en/stable/ref/settings/#secure-hsts-seconds
 
+DEFAULT_HSTS_SECONDS = 30 * 24 * 60 * 60  # 30 days
 
+SECURE_HSTS_SECONDS = int(
 
+    os.environ.get("SECURE_HSTS_SECONDS", DEFAULT_HSTS_SECONDS)
 
+)  # noqa
 
+
 
+# Do not use the `includeSubDomains` directive for HSTS. This needs to be prevented
 
+# because the apps are running on client domains (or our own for staging), that are
 
+# being used for other applications as well. We should therefore not impose any
 
+# restrictions on these unrelated applications.
 
+# https://docs.djangoproject.com/en/3.2/ref/settings/#secure-hsts-include-subdomains
 
+SECURE_HSTS_INCLUDE_SUBDOMAINS = False
 
+
 
+# https://docs.djangoproject.com/en/stable/ref/settings/#secure-browser-xss-filter
 
+SECURE_BROWSER_XSS_FILTER = True
 
+
 
+# https://docs.djangoproject.com/en/stable/ref/settings/#secure-content-type-nosniff
 
+SECURE_CONTENT_TYPE_NOSNIFF = True
 
+
 
+# Referrer-policy header settings.
 
+# https://django-referrer-policy.readthedocs.io/en/1.0/
 
+
 
+REFERRER_POLICY = os.environ.get(  # noqa
 
+    "SECURE_REFERRER_POLICY", "no-referrer-when-downgrade"
 
+).strip()
 
+
 
+# Allow the redirect importer to work in load-balanced / cloud environments.
 
+# https://docs.wagtail.io/en/v2.13/reference/settings.html#redirects
 
+WAGTAIL_REDIRECTS_FILE_STORAGE = "cache"