expo/troggle
2
0
Fork 1
mirror of https://expo.survex.com/repositories/troggle/.git synced 2026-04-02 20:11:00 +01:00
Code Issues 18 Projects 3 Activity

More security, middleware upgrade, dj-reg.2.5

Browse Source
This commit is contained in:
Philip Sargent
2020-06-20 23:08:34 +01:00
parent 477a289c2e
commit f3232cc5df
13 changed files with 96 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
security-warnings.txt Normal file
View File

@@ -0,0 +1,9 @@
System check identified some issues:
WARNINGS:
?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
?: (security.W008) Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
?: (security.W018) You should not have DEBUG set to True in deployment.
?: (security.W019) You have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE_CLASSES, but X_FRAME_OPTIONS is not set to 'DENY'. The default is 'SAMEORIGIN', but unless there is a good reason for your site to serve other parts of itself in a frame, you should change it to 'DENY'.
System check identified 4 issues (0 silenced).