From 4dbf51fcedf5e01ef5990f3b16ebf4e2efec11fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o?=
Date: Thu, 6 Mar 2025 19:30:56 +0100
Subject: [PATCH] security check

---
 StockSeeker/settings.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/StockSeeker/settings.py b/StockSeeker/settings.py
index b830d64..3e1739b 100644
--- a/StockSeeker/settings.py
+++ b/StockSeeker/settings.py
@@ -153,8 +153,16 @@ if '' in CORS_ALLOWED_ORIGINS:
     CORS_ALLOWED_ORIGINS.remove('')
 CORS_ALLOW_CREDENTIALS = True
+SESSION_COOKIE_SECURE = True
 CSRF_COOKIE_SECURE = True
 CSRF_COOKIE_SAMESITE = "Lax"
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+SECURE_SSL_REDIRECT = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+
 SIMPLE_JWT = {
     'ACCESS_TOKEN_LIFETIME': timedelta(days=1),
     'REFRESH_TOKEN_LIFETIME': timedelta(days=1),
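Review bot: `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` makes Django trust that header from whoever sends it, so unless every path to the app goes through a reverse proxy that overwrites `X-Forwarded-Proto` on each request, a client can send `X-Forwarded-Proto: https` itself, make `request.is_secure()` return true and skip the `SECURE_SSL_REDIRECT = True` added on the next line. I would pin that deployment assumption in a comment above the line, e.g. `# Trust X-Forwarded-Proto only because the reverse proxy sets it on every request; if the app is ever reachable directly, drop this or clients can spoof https.`, and verify the proxy config actually strips the client-supplied value. `SECURE_HSTS_PRELOAD = True` combined with `SECURE_HSTS_INCLUDE_SUBDOMAINS = True` and a one-year `SECURE_HSTS_SECONDS` is effectively irreversible once the host is submitted to the preload list and binds every subdomain to HTTPS, so a short ramp such as `SECURE_HSTS_SECONDS = 3600` before the full value is the usual precaution. All of these are unconditional module-level assignments; if the settings module has a `DEBUG` flag (not visible in this hunk), gating `SECURE_SSL_REDIRECT` and the `*_COOKIE_SECURE` flags on `not DEBUG` keeps plain-HTTP local development working. The `SIMPLE_JWT` dict at the bottom of the hunk continues past it.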