Reformatting
This commit is contained in:
parent
0168c7b9c1
commit
8ae3df8105
1 changed files with 15 additions and 3 deletions
18
notes.md
18
notes.md
|
@ -32,22 +32,34 @@ WARNINGS:
|
|||
|
||||
## Other security configurations for Django
|
||||
|
||||
# What are the various security parameters ? https://django-secure.readthedocs.io/en/latest/settings.html
|
||||
What are the various security parameters ? https://django-secure.readthedocs.io/en/latest/settings.html
|
||||
|
||||
1. XSS
|
||||
|
||||
```
|
||||
# For Xss filter See https://scotthelme.co.uk/x-xss-protection-1-mode-block-demo/
|
||||
SECURE_BROWSER_XSS_FILTER = True
|
||||
```
|
||||
|
||||
```
|
||||
# See https://docs.djangoproject.com/en/dev/ref/middleware/#x-content-type-options-nosniff
|
||||
SECURE_CONTENT_TYPE_NOSNIFF = True
|
||||
```
|
||||
|
||||
2. HSTS settings
|
||||
|
||||
```
|
||||
# Make the production server to respond to https always or set the strict https settings iff for a single domain
|
||||
SECURE_HSTS_INCLUDE_SUBDOMAINS=True
|
||||
# 30 seconds or above based on whether increasing this value breaks something
|
||||
SECURE_HSTS_SECONDS=30 seconds and above based on tests
|
||||
SECURE_HSTS_PRELOAD = True
|
||||
|
||||
```
|
||||
3. Force/exempt ssl urls
|
||||
```
|
||||
# set to any regex of urls that need to be served over plain http
|
||||
# https://django-secure.readthedocs.io/en/latest/settings.html#secure-ssl-redirect
|
||||
SECURE_REDIRECT_EXEMPT = []
|
||||
SECURE_SSL_HOST = None
|
||||
SECURE_SSL_REDIRECT = False
|
||||
|
||||
```
|
||||
|
|