mravi/portal_review
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Reformatting

Browse source
This commit is contained in:
PCoder 2020-02-11 09:46:15 +05:30
parent 0168c7b9c1
commit 8ae3df8105
1 changed files with 15 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
notes.md
View file

@ -32,22 +32,34 @@ WARNINGS:
## Other security configurations for Django ## Other security configurations for Django
# What are the various security parameters ? https://django-secure.readthedocs.io/en/latest/settings.html What are the various security parameters ? https://django-secure.readthedocs.io/en/latest/settings.html
1. XSS
```
# For Xss filter See https://scotthelme.co.uk/x-xss-protection-1-mode-block-demo/ # For Xss filter See https://scotthelme.co.uk/x-xss-protection-1-mode-block-demo/
SECURE_BROWSER_XSS_FILTER = True SECURE_BROWSER_XSS_FILTER = True
```
```
# See https://docs.djangoproject.com/en/dev/ref/middleware/#x-content-type-options-nosniff # See https://docs.djangoproject.com/en/dev/ref/middleware/#x-content-type-options-nosniff
SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_CONTENT_TYPE_NOSNIFF = True
```
2. HSTS settings
```
# Make the production server to respond to https always or set the strict https settings iff for a single domain # Make the production server to respond to https always or set the strict https settings iff for a single domain
SECURE_HSTS_INCLUDE_SUBDOMAINS=True SECURE_HSTS_INCLUDE_SUBDOMAINS=True
# 30 seconds or above based on whether increasing this value breaks something # 30 seconds or above based on whether increasing this value breaks something
SECURE_HSTS_SECONDS=30 seconds and above based on tests SECURE_HSTS_SECONDS=30 seconds and above based on tests
SECURE_HSTS_PRELOAD = True SECURE_HSTS_PRELOAD = True
```
3. Force/exempt ssl urls
```
# set to any regex of urls that need to be served over plain http # set to any regex of urls that need to be served over plain http
# https://django-secure.readthedocs.io/en/latest/settings.html#secure-ssl-redirect # https://django-secure.readthedocs.io/en/latest/settings.html#secure-ssl-redirect
SECURE_REDIRECT_EXEMPT = [] SECURE_REDIRECT_EXEMPT = []
SECURE_SSL_HOST = None SECURE_SSL_HOST = None
SECURE_SSL_REDIRECT = False SECURE_SSL_REDIRECT = False
```