4.5. Settings Security
Append the following to myproject/settings.py (the file must already `import os`, which the snippet uses; the SECURE_* settings only take effect with `django.middleware.security.SecurityMiddleware` enabled, and X_FRAME_OPTIONS with `XFrameOptionsMiddleware`):
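def _env_flag(name: str, default: bool = False) -> bool:
    """Read a boolean switch from the environment.

    Accepts the usual spellings ("1", "true", "yes", "on" / "0", "false",
    "no", "off"), case-insensitively and ignoring surrounding whitespace.
    An unset or blank variable yields *default*. Any other value raises
    ValueError so a typo in a security switch fails loudly at startup.

    Rationale: the naive ``bool(os.getenv(...))`` treats every non-empty
    string as True, so ``MYPROJECT_HTTPSONLY=0`` or ``=false`` would still
    have enabled HTTPS-only mode and surprised the operator.
    """
    raw = os.getenv(name)
    if raw is None or not raw.strip():
        return default
    value = raw.strip().lower()
    if value in ("1", "true", "yes", "on"):
        return True
    if value in ("0", "false", "no", "off"):
        return False
    raise ValueError(f"{name} must be a boolean-like string, got {raw!r}")


# Set MYPROJECT_HTTPSONLY=1 where TLS is actually served (production) to turn
# on the HTTPS-only hardening below; leave it unset for plain-HTTP local dev.
# These SECURE_* settings are applied by django.middleware.security.
# SecurityMiddleware, which must be present in MIDDLEWARE.
MYPROJECT_HTTPSONLY = _env_flag('MYPROJECT_HTTPSONLY', default=False)

if MYPROJECT_HTTPSONLY:
    # Redirect every plain-HTTP request to HTTPS. If Django sits behind a
    # TLS-terminating proxy, SECURE_PROXY_SSL_HEADER must also be configured
    # (and the proxy must overwrite that header on incoming requests), or
    # every request looks insecure and this redirect loops. It is not added
    # here: trusting X-Forwarded-Proto without such a proxy lets any client
    # claim it arrived over HTTPS.
    SECURE_SSL_REDIRECT = True
    # Session and CSRF cookies are only sent over TLS.
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True
    # Deliberately short HSTS max-age (one hour) so a misconfiguration is
    # recoverable; raise it once HTTPS is confirmed to work on every host.
    SECURE_HSTS_SECONDS = 3600
else:
    # Explicit off-switches for local development over HTTP.
    SECURE_SSL_REDIRECT = False
    SESSION_COOKIE_SECURE = False
    CSRF_COOKIE_SECURE = False
    SECURE_HSTS_SECONDS = 0

# Only has effect while SECURE_HSTS_SECONDS > 0. It commits *every* subdomain
# to HTTPS for the max-age, so confirm they all serve TLS before relying on it.
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
# X-Content-Type-Options: nosniff -- stops browsers second-guessing the
# declared Content-Type (e.g. executing an upload as script).
SECURE_CONTENT_TYPE_NOSNIFF = True
# X-XSS-Protection header. Modern browsers ignore it, so this is harmless but
# offers no real protection; a Content-Security-Policy is the effective
# XSS mitigation and is not configured by this snippet.
SECURE_BROWSER_XSS_FILTER = True
# X-Frame-Options: DENY -- the site may not be framed at all (clickjacking).
# Emitted by django.middleware.clickjacking.XFrameOptionsMiddleware.
X_FRAME_OPTIONS = 'DENY'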