Skip to content
Permalink
Browse files
Default session and CSRF cookie setting to secure
  • Loading branch information
cdubz committed Sep 17, 2021
1 parent 956453b commit 8ea68eed540971b7cc0157162cdaec4c673f2b79
Showing with 12 additions and 6 deletions.
  1. +12 −6 babybuddy/settings/base.py
@@ -233,6 +233,18 @@
THUMBNAIL_DEFAULT_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'


# Security
# https://docs.djangoproject.com/en/3.2/topics/http/sessions/#settings
# https://docs.djangoproject.com/en/3.2/ref/csrf/#settings

# See https://docs.djangoproject.com/en/3.2/ref/settings/#secure-proxy-ssl-header for why and when to set this
if os.environ.get('SECURE_PROXY_SSL_HEADER'):
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True


# Django Rest Framework
# https://www.django-rest-framework.org/

@@ -291,9 +303,3 @@
'NAP_START_MAX': os.environ.get('NAP_START_MAX') or '18:00',
'ALLOW_UPLOADS': os.environ.get('ALLOW_UPLOADS') or True
}

# Set SECURE_PROXY_SSL_HEADER
# See https://docs.djangoproject.com/en/3.2/ref/settings/#secure-proxy-ssl-header for why and when to set this

if os.environ.get('SECURE_PROXY_SSL_HEADER'):
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

0 comments on commit 8ea68ee

Please sign in to comment.