From d53d4f9823ec8a09e5a80902855f5812ca1ae00c Mon Sep 17 00:00:00 2001
From: Gabriel Augendre
Date: Fri, 21 Aug 2020 13:40:02 +0200
Subject: [PATCH] Add some secure settings

---
 blog/settings.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/blog/settings.py b/blog/settings.py
index 4e0218d..e5f71c0 100644
--- a/blog/settings.py
+++ b/blog/settings.py
@@ -53,6 +53,10 @@ HOSTS = os.getenv("HOSTS")
 if HOSTS:
     ALLOWED_HOSTS.extend(HOSTS.split(";"))
 
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+SESSION_COOKIE_SECURE = not DEBUG
+CSRF_COOKIE_SECURE = not DEBUG
+
 # Application definition
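Review bot: `SECURE_PROXY_SSL_HEADER` is set unconditionally, so Django will treat any request carrying `X-Forwarded-Proto: https` as secure even when no proxy sits in front of the app. That is only safe if the reverse proxy strips or overwrites the header on every incoming request. Otherwise a client can supply it over plain HTTP, and `request.is_secure()` and the CSRF and redirect logic that depends on it will be misled. Nothing in the hunk records that assumption, so I would add a comment above the line such as `# Safe only because the front proxy always overwrites X-Forwarded-Proto; remove if the app is ever exposed directly.` If some deployments run without a proxy, the setting could instead be gated on an environment variable, as `HOSTS` is just above. Running `manage.py check --deploy` against the production settings would also show which related hardening settings are still unset.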