
hsts

benadida committed Oct 27, 2017
1 parent 47612a4 commit 3e3424aa174b4b1bf87cce7b14d3ba00f30fa82a
Showing with 13 additions and 2 deletions.
  1. +7 −0 helios/security.py
  2. +6 −2 settings.py
@@ -20,6 +20,13 @@
import helios
class HSTSMiddleware:
def process_response(self, request, response):
if settings.STS:
response['Strict-Transport-Security'] = "max-age=31536000; includeSubDomains; preload"
return response
# current voter
def get_voter(request, user, election):
"""
@@ -101,10 +101,13 @@ def get_from_env(var, default):
SESSION_COOKIE_HTTPONLY = True
# let's go with one year because that's the way to do it now
STS = False
if (get_from_env('HSTS', '0') == '1'):
SECURE_HSTS_SECONDS = 31536000
STS = True
# we're using our own custom middleware now
# SECURE_HSTS_SECONDS = 31536000
# not doing subdomains for now cause that is not likely to be necessary and can screw things up.
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
# SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
@@ -121,6 +124,7 @@ def get_from_env(var, default):
# secure a bunch of things
'djangosecure.middleware.SecurityMiddleware',
'helios.security.HSTSMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.common.CommonMiddleware',
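Review bot: The comment retained in the first hunk, `# not doing subdomains for now cause that is not likely to be necessary and can screw things up.`, now contradicts the actual behaviour, because the header emitted by `helios.security.HSTSMiddleware` (added to the middleware list in the second hunk) hard-codes `includeSubDomains; preload`; a reader of settings.py would wrongly conclude subdomains are excluded. I'd delete the commented-out `SECURE_HSTS_SECONDS` / `SECURE_HSTS_INCLUDE_SUBDOMAINS` lines (dead code now that the custom middleware owns the header) and replace the stale comment with one that says what is actually sent, e.g. `# HSTS is emitted by helios.security.HSTSMiddleware: max-age one year, includeSubDomains and preload`. Separately, `djangosecure.middleware.SecurityMiddleware` stays in the stack; with `SECURE_HSTS_SECONDS` no longer set it should not add its own header, but since response middleware runs bottom-up it is worth confirming it neither overwrites nor duplicates the header set by the new middleware.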
