Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improvements around http headers & settings #3545

Merged
merged 4 commits into from
Feb 21, 2024
Merged

Improvements around http headers & settings #3545

merged 4 commits into from
Feb 21, 2024

Conversation

atodorov
Copy link
Member

No description provided.

@atodorov
Explicitly define settings in order to document them
4d2a97b 
Add CSRF_COOKIE_AGE, CSRF_COOKIE_HTTPONLY, SESSION_COOKIE_HTTPONLY,
CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE to the settings file so
that they get automatically documented.

There should be no reason for any of these settings to be customized.
@atodorov
Move X-Frame-Options definition from nginx.conf into settings.py
ed75fb5 
Allows configuration via the ``X_FRAME_OPTIONS`` setting. Defaults to
``DENY``, see
https://docs.djangoproject.com/en/4.2/ref/settings/#x-frame-options
@atodorov
Move X-Content-Type-Options definition from nginx.conf to settings.py
1ee7830 
Allows configuration via the ``SECURE_CONTENT_TYPE_NOSNIFF`` setting.
Defaults to ``nosniff``, see
https://docs.djangoproject.com/en/4.2/ref/settings/#secure-content-type-nosniff
@atodorov
Configure the SECURE_SSL_REDIRECT setting to True
f43738d 
except when in development mode, see
https://docs.djangoproject.com/en/4.2/ref/settings/#secure-ssl-redirect
@atodorov atodorov force-pushed the improvements_around_http_headers branch from aef86d4 to f43738d Compare February 21, 2024 19:19
@atodorov atodorov merged commit d6a0bbd into master Feb 21, 2024
39 of 46 checks passed
@atodorov atodorov deleted the improvements_around_http_headers branch February 21, 2024 20:40
atodorov added a commit to kiwitcms/enterprise that referenced this pull request Feb 22, 2024
@atodorov
Update nginx.conf b/c X-Frame-Options & X-Content-Type-Options headers
c850eba 
are now served by the Django application. See
kiwitcms/Kiwi#3545
@atodorov atodorov mentioned this pull request Feb 22, 2024
Merged
atodorov added a commit to kiwitcms/enterprise that referenced this pull request Feb 22, 2024
@atodorov
Update nginx.conf b/c X-Frame-Options & X-Content-Type-Options headers
4dfdd1c 
are now served by the Django application. See
kiwitcms/Kiwi#3545
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@atodorov