mirror of
https://github.com/DarrenOfficial/dpaste.git
synced 2024-12-23 23:23:06 +11:00
Security Enhancements.
parent
4924c88107
commit
90e5008b03
3 changed files with 38 additions and 7 deletions
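--- /dev/null
+++ b/dpaste/migrations/0004_auto_20180107_1603.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.9 on 2018-01-07 16:03
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('dpaste', '0003_snippet_highlighted'),
+]
+
+operations = [
+migrations.AlterField(
+model_name='snippet',
+name='lexer',
+field=models.CharField(default='python', max_length=30, verbose_name='Lexer'),
+),
+]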
|
@ -70,15 +70,11 @@ LOCALE_PATHS = (
|
|||
)
|
||||
|
||||
#==============================================================================
|
||||
# Static files
|
||||
# Project URLS and media settings
|
||||
#==============================================================================
|
||||
|
||||
STATIC_ROOT = os.path.join(VAR_ROOT, 'static')
|
||||
|
||||
#==============================================================================
|
||||
# Project URLS and media settings
|
||||
#==============================================================================
|
||||
|
||||
STATIC_URL = '/static/'
|
||||
ADMIN_MEDIA_PREFIX = '/static/admin/'
|
||||
|
||||
|
@ -92,14 +88,22 @@ LOGIN_REDIRECT_URL = '/'
|
|||
# Templates
|
||||
#==============================================================================
|
||||
|
||||
MIDDLEWARE_CLASSES = (
|
||||
MIDDLEWARE_CLASSES = [
|
||||
'django.middleware.csrf.CsrfViewMiddleware',
|
||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||
'django.middleware.common.CommonMiddleware',
|
||||
'django.middleware.locale.LocaleMiddleware',
|
||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||||
)
|
||||
'django.middleware.security.SecurityMiddleware',
|
||||
'csp.middleware.CSPMiddleware',
|
||||
]
|
||||
|
||||
SESSION_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_SECURE = True
|
||||
|
||||
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||
SECURE_BROWSER_XSS_FILTER =True
|
||||
SECURE_CONTENT_TYPE_NOSNIFF = True
|
||||
|
||||
TEMPLATES = [
|
||||
{
|
||||
|
|
|
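Review bot: `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` is set unconditionally in these shared settings, so any deployment whose front end does not strip or overwrite `X-Forwarded-Proto` on incoming requests will accept a client-supplied header as proof of HTTPS, and `request.is_secure()` then rests on that header. I would set it only in the deployment settings that sit behind such a proxy, or at least add a comment such as `# Requires a reverse proxy that always sets X-Forwarded-Proto and drops the client's copy`. Separately, `'django.middleware.security.SecurityMiddleware'` is appended after the other entries, whereas Django's documentation recommends listing it near the top of the middleware list. No `CSP_*` policy settings are visible in this hunk for `csp.middleware.CSPMiddleware`, so presumably the package defaults apply; that is worth confirming against the templates.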
@ -19,3 +19,10 @@ DATABASES = {
|
|||
SECRET_KEY = 'changeme'
|
||||
|
||||
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
||||
|
||||
INSTALLED_APPS += ('sslserver',)
|
||||
|
||||
# Disable for local development
|
||||
if not 'runsslserver' in sys.argv:
|
||||
SESSION_COOKIE_SECURE = False
|
||||
CSRF_COOKIE_SECURE = False
|
||||
|
|
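Review bot: The guard `if not 'runsslserver' in sys.argv:` relies on `sys` being imported, and no `import sys` is visible in this hunk, which starts at line 19 of the file; if the top of the file does not import it, these settings fail to load with a NameError. The test also reads more clearly as `if 'runsslserver' not in sys.argv:`. A comment that states the reason, for example `# Plain-HTTP dev server: browsers would not send Secure cookies back`, would explain the override better than `# Disable for local development`.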