security check

2025-03-06 19:30:56 +01:00 · 2025-03-06 19:30:56 +01:00 · 4dbf51fced
commit 4dbf51fced
parent 47d47bf090
1 changed files with 8 additions and 0 deletions
--- a/StockSeeker/settings.py
+++ b/StockSeeker/settings.py
@ -153,8 +153,16 @@ if '' in CORS_ALLOWED_ORIGINS:
    CORS_ALLOWED_ORIGINS.remove('')

 CORS_ALLOW_CREDENTIALS = True
+SESSION_COOKIE_SECURE = True
 CSRF_COOKIE_SECURE = True
 CSRF_COOKIE_SAMESITE = "Lax"
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+SECURE_SSL_REDIRECT = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+
 SIMPLE_JWT = {
    'ACCESS_TOKEN_LIFETIME': timedelta(days=1),
    'REFRESH_TOKEN_LIFETIME': timedelta(days=1),