Lock this baby down. Thanks, PaulM.

commit 40730832663332450982e84eb271fd36800ca0f1 1 parent d92c4d3
@jacobian jacobian authored
Showing with 13 additions and 0 deletions.
  1. +1 −0  deploy-requirements.txt
  2. +12 −0 django_website/settings/www.py
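--- a/deploy-requirements.txt
+++ b/deploy-requirements.txt
@@ -5,6 +5,7 @@ Django >= 1.3, < 1.4
 django-haystack == 1.1.0
 django-push == 0.4
 django-registration == 0.7
+django-secure == 0.1.0
 docutils >= 0.6, < 0.7
 FeedParser >= 5.0, <= 5.1
 Jinja2 >= 2.4, < 2.5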
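--- a/django_website/settings/www.py
+++ b/django_website/settings/www.py
@@ -67,6 +67,7 @@
 'django_website.docs',
 'registration',
 'south',
+ 'djangosecure',
 ]
 CACHE_MIDDLEWARE_SECONDS = 60 * 5 # 5 minutes
@@ -75,7 +76,9 @@
 CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True
 MIDDLEWARE_CLASSES = [
+ 'djangosecure.middleware.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
@@ -161,6 +164,15 @@
 PUSH_CREDENTIALS = 'django_website.aggregator.utils.push_credentials'
 PUSH_SSL_CALLBACK = PRODUCTION
+# Lock down some security stuff
+if PRODUCTION:
+ SESSION_COOKIE_SECURE = True
+ SESSION_COOKIE_HTTPONLY = True
+ SECURE_SSL_REDIRECT = True
+ SECURE_FRAME_DENY = True
+ SECURE_HSTS_SECONDS = 600
+ SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTOCOL", "SSL")
+
 # If django-debug-toolbar is installed enable it.
 if not PRODUCTION:
 try: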
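Review bot: `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTOCOL", "SSL")` makes request.is_secure() trust a request header, so the new `if PRODUCTION:` block is only as strong as the front-end proxy's handling of that header: the proxy must set it on every request and overwrite any value the client sends, otherwise the SSL redirect and secure-cookie protections set just above it no longer hold. Nothing in the hunk records that assumption, so I'd add next to that line `# Trusted only because the front-end proxy always sets/overwrites this header; verify before changing the proxy config.` `SECURE_HSTS_SECONDS = 600` is a ten-minute policy, reasonable for a first rollout but worth a comment saying it is deliberately short and should be raised once the redirect is confirmed stable. The `if not PRODUCTION:` block at the end of the hunk continues outside it.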
