mirror of
https://github.com/DarrenOfficial/dpaste.git
synced 2024-12-23 23:23:06 +11:00
CSP Settings
parent
faf8874f50
commit
8582114b90
1 changed files with 11 additions and 7 deletions
|
@ -98,13 +98,6 @@ MIDDLEWARE_CLASSES = [
|
|||
'csp.middleware.CSPMiddleware',
|
||||
]
|
||||
|
||||
SESSION_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_SECURE = True
|
||||
|
||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
SECURE_BROWSER_XSS_FILTER =True
|
||||
SECURE_CONTENT_TYPE_NOSNIFF = True
|
||||
|
||||
TEMPLATES = [
|
||||
{
|
||||
'BACKEND': 'django.template.backends.django.DjangoTemplates',
|
||||
|
@ -143,6 +136,17 @@ DATABASES = {
|
|||
# stored in the user session.
|
||||
MAX_SNIPPETS_PER_USER = 25
|
||||
|
||||
SESSION_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_SECURE = True
|
||||
|
||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
SECURE_BROWSER_XSS_FILTER =True
|
||||
SECURE_CONTENT_TYPE_NOSNIFF = True
|
||||
|
||||
CSP_DEFAULT_SRC = ("'none'",)
|
||||
CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'")
|
||||
CSP_STYLE_SRC = ("'self'", "'unsafe-inline'")
|
||||
|
||||
LOGGING = {
|
||||
'version': 1,
|
||||
'disable_existing_loggers': False,
|
||||
|
|
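Review bot: `CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'")` in the second hunk allows any inline `<script>` and inline event handler to run, so the policy gives little protection against injected markup, which is the main risk for a paste service that renders user-submitted content. If the templates can be adjusted, prefer `CSP_SCRIPT_SRC = ("'self'",)` together with django-csp's `CSP_INCLUDE_NONCE_IN = ['script-src']`, and put the per-request nonce on the inline scripts that must stay. `'unsafe-inline'` in `CSP_STYLE_SRC` is a smaller exposure but is worth a comment saying why it is needed. With `CSP_DEFAULT_SRC = ("'none'",)` and no `img-src`, `font-src` or `connect-src` entries, images, web fonts and XHR/fetch calls are blocked; the templates are not visible here, so confirm the pages need none of these or add the specific directives.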