
add django-secure

1 parent b28c7fe commit e900c73098d4ca0303f0c5affba1833fa40e0a7c @fiee committed Dec 8, 2012
Showing with 14 additions and 0 deletions.
  1. +12 −0 project_name/settings.py
  2. +2 −0 requirements.txt
@@ -215,6 +215,7 @@
# ==============================================================================
INSTALLED_APPS = [
+ 'djangosecure',
#'admin_tools',
#'admin_tools.theming',
#'admin_tools.menu',
@@ -241,6 +242,7 @@
MIDDLEWARE_CLASSES = [
'django.middleware.cache.UpdateCacheMiddleware', # first
'django.middleware.gzip.GZipMiddleware', # second after UpdateCache
+ 'djangosecure.middleware.SecurityMiddleware', # as first as possible
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
@@ -327,6 +329,16 @@
ADMIN_TOOLS_INDEX_DASHBOARD = '%s.dashboard.CustomIndexDashboard' % PROJECT_NAME
ADMIN_TOOLS_APP_INDEX_DASHBOARD = '%s.dashboard.CustomAppIndexDashboard' % PROJECT_NAME
+# django-secure
+SECURE_SSL_REDIRECT=True # if all non-SSL requests should be permanently redirected to SSL.
+SECURE_HSTS_SECONDS=10 # integer number of seconds, if you want to use HTTP Strict Transport Security
+SECURE_HSTS_INCLUDE_SUBDOMAINS=True # if you want to use HTTP Strict Transport Security
+SECURE_FRAME_DENY=True # if you want to prevent framing of your pages and protect them from clickjacking.
+SECURE_CONTENT_TYPE_NOSNIFF=True # if you want to prevent the browser from guessing asset content types.
+SECURE_BROWSER_XSS_FILTER=True # if you want to enable the browser's XSS filtering protections.
+SESSION_COOKIE_SECURE=True # if you are using django.contrib.sessions
+SESSION_COOKIE_HTTPONLY=True # if you are using django.contrib.sessions
+
# ==============================================================================
# host specific settings
# ==============================================================================
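Review bot: `SECURE_HSTS_SECONDS=10` in the third hunk is effectively a placeholder: a browser only pins HTTPS for the configured max-age, so a 10-second value gives no practical Strict-Transport-Security protection, and with `SECURE_HSTS_INCLUDE_SUBDOMAINS=True` every subdomain must serve HTTPS before the value is raised. Suggest documenting the intent on that line, `SECURE_HSTS_SECONDS = 10  # deliberately low for rollout; raise to a long max-age once HTTPS works on all subdomains`. These settings also sit in the shared block just above the "host specific settings" header, so `SECURE_SSL_REDIRECT=True` and `SESSION_COOKIE_SECURE=True` presumably apply to plain-HTTP development too; moving the SSL-dependent ones into the host-specific section, or gating them there, avoids that. As a point of style, the new lines use `NAME=True` without spaces around `=`, unlike `ADMIN_TOOLS_INDEX_DASHBOARD = ...` two lines above.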
@@ -4,6 +4,7 @@ gunicorn==0.13.4 # not with fcgi
#python-memcached # for memcached cache (you must install that separately)
Django
south
+django-secure
#django-tagging-ng # original tagging works only up to Django 1.0
#django-tinymce
#django-mptt # working version only in SVN! see http://github.com/django-mptt/django-mptt
@@ -13,3 +14,4 @@ south
#django-guardian
#django-admin-tools
#django-debug-toolbar
+# see also http://procrastinatingdev.com/django/my-requirements-txt/
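Review bot: `django-secure` is added in the first hunk without a version pin, while `gunicorn==0.13.4` at the top of the same file is pinned; the `SECURE_*` names used in settings.py in this commit are tied to the package version, so a pin such as `django-secure==<version in use>` keeps deployments reproducible and makes later upgrades a deliberate change. `Django` and `south` are listed unpinned as well, so this follows the file's existing pattern rather than introducing a new inconsistency.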

