Not all security settings suggested by Django's check --deploy command are enabled in production #27

yoowul · 2017-05-09T11:15:02Z

Security settings proposed by django's check --deploy flag:

secure_content_type_nosniff: True
secure_browser_xss_filter: True
session_cookie_secure: True
csrf_cookie_secure: True
csrf_cookie_httponly: True
x_frame_options: DENY

Currently the first four are set to False due to errors.

yoowul added the enhancement label May 9, 2017

yoowul changed the title ~~Research the implemenation of security settings proposed by django's check --deploy flag~~ Research the implementation of security settings proposed by django's check --deploy flag May 9, 2017

cameel changed the title ~~Research the implementation of security settings proposed by django's check --deploy flag~~ Not all security settings suggested by Django's check --deploy command are enabled in production May 9, 2017

cameel added security and removed enhancement labels May 9, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Not all security settings suggested by Django's check --deploy command are enabled in production #27

Not all security settings suggested by Django's check --deploy command are enabled in production #27

yoowul commented May 9, 2017

Not all security settings suggested by Django's check --deploy command are enabled in production #27

Not all security settings suggested by Django's check --deploy command are enabled in production #27

Comments

yoowul commented May 9, 2017