From d53d4f9823ec8a09e5a80902855f5812ca1ae00c Mon Sep 17 00:00:00 2001
From: Gabriel Augendre <gabriel@augendre.info>
Date: Fri, 21 Aug 2020 13:40:02 +0200
Subject: [PATCH] Add some secure settings

---
 blog/settings.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/blog/settings.py b/blog/settings.py
index 4e0218d..e5f71c0 100644
--- a/blog/settings.py
+++ b/blog/settings.py
@@ -53,6 +53,10 @@ HOSTS = os.getenv("HOSTS")
 if HOSTS:
     ALLOWED_HOSTS.extend(HOSTS.split(";"))
 
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+SESSION_COOKIE_SECURE = not DEBUG
+CSRF_COOKIE_SECURE = not DEBUG
+
 
 # Application definition