mirror of
https://github.com/DarrenOfficial/dpaste.git
synced 2024-11-15 08:02:54 +11:00
Security Enhancements.
parent
4924c88107
commit
90e5008b03
3 changed files with 38 additions and 7 deletions
20
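--- a/dpaste/migrations/0004_auto_20180107_1603.py
+++ b/dpaste/migrations/0004_auto_20180107_1603.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.9 on 2018-01-07 16:03
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('dpaste', '0003_snippet_highlighted'),
+]
+
+operations = [
+migrations.AlterField(
+model_name='snippet',
+name='lexer',
+field=models.CharField(default='python', max_length=30, verbose_name='Lexer'),
+),
+]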
|
@ -70,15 +70,11 @@ LOCALE_PATHS = (
|
||||||
)
|
)
|
||||||
|
|
||||||
#==============================================================================
|
#==============================================================================
|
||||||
# Static files
|
# Project URLS and media settings
|
||||||
#==============================================================================
|
#==============================================================================
|
||||||
|
|
||||||
STATIC_ROOT = os.path.join(VAR_ROOT, 'static')
|
STATIC_ROOT = os.path.join(VAR_ROOT, 'static')
|
||||||
|
|
||||||
#==============================================================================
|
|
||||||
# Project URLS and media settings
|
|
||||||
#==============================================================================
|
|
||||||
|
|
||||||
STATIC_URL = '/static/'
|
STATIC_URL = '/static/'
|
||||||
ADMIN_MEDIA_PREFIX = '/static/admin/'
|
ADMIN_MEDIA_PREFIX = '/static/admin/'
|
||||||
|
|
||||||
|
@ -92,14 +88,22 @@ LOGIN_REDIRECT_URL = '/'
|
||||||
# Templates
|
# Templates
|
||||||
#==============================================================================
|
#==============================================================================
|
||||||
|
|
||||||
MIDDLEWARE_CLASSES = (
|
MIDDLEWARE_CLASSES = [
|
||||||
'django.middleware.csrf.CsrfViewMiddleware',
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
'django.middleware.common.CommonMiddleware',
|
'django.middleware.common.CommonMiddleware',
|
||||||
'django.middleware.locale.LocaleMiddleware',
|
'django.middleware.locale.LocaleMiddleware',
|
||||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||||||
)
|
'django.middleware.security.SecurityMiddleware',
|
||||||
|
'csp.middleware.CSPMiddleware',
|
||||||
|
]
|
||||||
|
|
||||||
|
SESSION_COOKIE_SECURE = True
|
||||||
|
CSRF_COOKIE_SECURE = True
|
||||||
|
|
||||||
|
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
||||||
|
SECURE_BROWSER_XSS_FILTER =True
|
||||||
|
SECURE_CONTENT_TYPE_NOSNIFF = True
|
||||||
|
|
||||||
TEMPLATES = [
|
TEMPLATES = [
|
||||||
{
|
{
|
||||||
|
|
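Review bot: `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` is set unconditionally in what looks like the shared settings module, so any deployment that is reachable without a proxy overwriting `X-Forwarded-Proto` will treat a client-supplied header as proof of HTTPS and `request.is_secure()` will return True on plain HTTP. I would move it to the deployment-specific settings, or at least put `# Only valid behind a proxy that strips and re-sets X-Forwarded-Proto; remove otherwise.` above it. In the same hunk `SecurityMiddleware` is appended last, although Django's documentation recommends placing it near the top of the list, and neither `SECURE_SSL_REDIRECT` nor `SECURE_HSTS_SECONDS` is set, so plain-HTTP requests are not redirected while the session and CSRF cookies are now Secure-only. `csp.middleware.CSPMiddleware` is added with no `CSP_*` policy settings visible here, so the package defaults would apply; a short comment stating the intended policy would help. The `TEMPLATES` block continues outside the hunk.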
|
@ -19,3 +19,10 @@ DATABASES = {
|
||||||
SECRET_KEY = 'changeme'
|
SECRET_KEY = 'changeme'
|
||||||
|
|
||||||
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
||||||
|
|
||||||
|
INSTALLED_APPS += ('sslserver',)
|
||||||
|
|
||||||
|
# Disable for local development
|
||||||
|
if not 'runsslserver' in sys.argv:
|
||||||
|
SESSION_COOKIE_SECURE = False
|
||||||
|
CSRF_COOKIE_SECURE = False
|
||||||
|
|
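Review bot: The added `if not 'runsslserver' in sys.argv:` block turns `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE` off for every entry point other than `runsslserver`, which would include a WSGI server if this settings file were ever used for a deployment; the comment above it should say so, e.g. `# Local development only: cookies are sent over plain HTTP unless started with runsslserver.` The test reads more naturally as `if 'runsslserver' not in sys.argv:`, and `sys` has to be imported in this file; the import is not visible in the hunk, which starts at line 19. `INSTALLED_APPS += ('sslserver',)` presumably relies on the django-sslserver package, which none of the three changed files appears to declare as a dependency.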