Secure: CSP and HTTPS
parent
0c190af69d
commit
48d087acf0
1 changed files with 12 additions and 0 deletions
|
@ -25,6 +25,18 @@ CSRF_TRUSTED_ORIGINS = ["https://fbf.nabu-jena.de"]
|
|||
# Cookies
|
||||
SESSION_COOKIE_SECURE = True
|
||||
|
||||
# DJANGO Content Security Policy
|
||||
CSP_DEFAULT_SRC = ("'self'",)
|
||||
CSP_STYLE_SRC = ("'self'",)
|
||||
CSP_SCRIPT_SRC = ("'self'",)
|
||||
CSP_IMG_SRC = ("'self'",)
|
||||
CSP_FONT_SRC = ("'self'",)
|
||||
|
||||
# HTTPS
|
||||
SECURE_HSTS_SECONDS = 0
|
||||
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
|
||||
SECURE_HSTS_PRELOAD = True
|
||||
|
||||
# Allowed Hosts
|
||||
ALLOWED_HOSTS = [env("ALLOWED_HOSTS")]
|
||||
|
||||
|
|
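Review bot: `SECURE_HSTS_SECONDS = 0` leaves HSTS switched off, because Django's SecurityMiddleware only sends the Strict-Transport-Security header for a non-zero value, so the `SECURE_HSTS_INCLUDE_SUBDOMAINS` and `SECURE_HSTS_PRELOAD` lines below it currently have no effect. If the zero is a deliberate first step, record that in a comment such as `# HSTS off until HTTPS is verified on every subdomain; raise in stages (3600, then 31536000)`. Otherwise set a non-zero max-age, starting small, because browsers cache the policy and includeSubDomains/preload are hard to roll back. The `CSP_*` names are django-csp settings and only produce a header if `csp.middleware.CSPMiddleware` is listed in `MIDDLEWARE`, which is not visible in this hunk and should be confirmed. The settings file continues outside the hunk.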