Update security settings
This commit is contained in:
parent
c3ccb8e369
commit
c5af0c6d80
1 changed files with 6 additions and 1 deletions
|
|
@ -15,7 +15,7 @@ ALLOWED_HOSTS = []
|
|||
|
||||
INTERNAL_IPS = ['localhost', '127.0.0.1',]
|
||||
|
||||
#
|
||||
# Localization
|
||||
|
||||
LANGUAGES = [
|
||||
('en', _('English')),
|
||||
|
|
@ -56,6 +56,7 @@ MIDDLEWARE = [
|
|||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
||||
'django.contrib.messages.middleware.MessageMiddleware',
|
||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||||
'django.middleware.security.SecurityMiddleware',
|
||||
]
|
||||
|
||||
ROOT_URLCONF = 'config.urls'
|
||||
|
|
@ -155,10 +156,14 @@ SESSION_COOKIE_AGE = 60 * 60 * 24 * 365 * 5 # 5 vuotta
|
|||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
SESSION_COOKIE_SAMESITE = 'Lax'
|
||||
SESSION_CACHE_ALIAS = "default"
|
||||
SESSION_COOKIE_SECURE = True
|
||||
|
||||
# Sessio backend: cache + fallback tietokantaan
|
||||
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
|
||||
|
||||
CSRF_COOKIE_SECURE = True
|
||||
SECURE_SSL_REDIRECT = True
|
||||
|
||||
# Redis cache
|
||||
CACHES = {
|
||||
"default": {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue