Darren/dpaste
1
0
Fork 0
mirror of https://github.com/DarrenOfficial/dpaste.git synced 2024-11-23 11:56:36 +11:00
Code Issues Projects Releases Packages Wiki Activity

CSP Settings

Browse source
This commit is contained in:
Martin Mahner 2018-01-08 12:21:52 +01:00
parent faf8874f50
commit 8582114b90
1 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
dpaste/settings/base.py
View file

@ -98,13 +98,6 @@ MIDDLEWARE_CLASSES = [
'csp.middleware.CSPMiddleware',
]
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_BROWSER_XSS_FILTER =True
SECURE_CONTENT_TYPE_NOSNIFF = True
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
@ -143,6 +136,17 @@ DATABASES = {
# stored in the user session.
MAX_SNIPPETS_PER_USER = 25
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_BROWSER_XSS_FILTER =True
SECURE_CONTENT_TYPE_NOSNIFF = True
CSP_DEFAULT_SRC = ("'none'",)
CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'")
CSP_STYLE_SRC = ("'self'", "'unsafe-inline'")
LOGGING = {
'version': 1,
'disable_existing_loggers': False,