Skip to content

Commit

Permalink
add commented out security settings if using docker
Browse files Browse the repository at this point in the history
  • Loading branch information
jameswilliams1 committed Nov 28, 2020
1 parent 9fd9582 commit a9eb69a
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions {{cookiecutter.project_slug}}/config/settings/production.py
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,22 @@
# ------------------------------------------------------------------------------
{% if cookiecutter.use_docker -%}
# NOTE headers are managed by the security-headers middleware in traefik.yml
# Uncomment the following if you are not using Traefik
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-ssl-redirect
# SECURE_SSL_REDIRECT = env.bool("DJANGO_SECURE_SSL_REDIRECT", default=True)
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-seconds
# TODO increase this to *at least* 31536000 (1 year) once HTTPS works
# SECURE_HSTS_SECONDS = 60
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-include-subdomains
# SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
# "DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS", default=True
# )
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-hsts-preload
# SECURE_HSTS_PRELOAD = env.bool("DJANGO_SECURE_HSTS_PRELOAD", default=True)
# https://docs.djangoproject.com/en/dev/ref/middleware/#x-content-type-options-nosniff
# SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
# "DJANGO_SECURE_CONTENT_TYPE_NOSNIFF", default=True
# )
{% else -%}
# TODO set security headers in your load balancer if possible and remove these
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-ssl-redirect
Expand Down

0 comments on commit a9eb69a

Please sign in to comment.