fix: add Django settings that harden security
- CSRF tokens handled via "secure" cookies,
- all redirects are done over SSL.
These features are disabled in a dev environment.
ikarius committed Dec 17, 2024
1 parent 9a6112c commit fa1ef3d
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions impact/impact/settings.py
@@ -150,6 +150,14 @@
# see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
# SESSION_COOKIE_SAMESITE = "Strict"

# Everything is SSL in production :
if not DEBUG:
SECURE_SSL_REDIRECT = True

# CSRF should be used with secure cookies if SSL is available
if not DEBUG:
CSRF_COOKIE_SECURE = True

# Django-vite configuration for static files build with vite
# https://github.com/MrBin99/django-vite
DJANGO_VITE_ASSETS_PATH = Path(BASE_DIR, "static", "svelte")
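Review bot: `SECURE_SSL_REDIRECT = True` will produce a redirect loop if the production app sits behind a TLS-terminating reverse proxy, because Django then sees every forwarded request as plain HTTP unless `SECURE_PROXY_SSL_HEADER` is also configured (and the redirect only fires at all if `SecurityMiddleware` is in `MIDDLEWARE`, which this hunk does not show); please add the proxy header setting next to the redirect, or document why it is not needed. In the same `if not DEBUG:` branch, `CSRF_COOKIE_SECURE = True` is set but there is no matching `SESSION_COOKIE_SECURE = True`, so the session cookie is still sent over HTTP while the CSRF cookie is not; the commented-out `SESSION_COOKIE_SAMESITE` line just above is a natural place for it. The comment "CSRF should be used with secure cookies if SSL is available" does not match the condition, which tests `DEBUG`, not SSL availability; either reword the comment or merge the two identical `if not DEBUG:` blocks into one, e.g. `if not DEBUG:` / `    SECURE_SSL_REDIRECT = True` / `    CSRF_COOKIE_SECURE = True`, so the production-only settings are grouped in one place.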
