Merge pull request #162 from stuartmaxwell:security-settings

Security-settings
stuartmaxwell · Nov 28, 2024 · c6b5fa2 · c6b5fa2
2 parents e9563b2 + 0917208
commit c6b5fa2
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/config/settings.py b/config/settings.py
@@ -294,3 +294,15 @@
 RESEND_API_KEY = env("RESEND_API_KEY")
 CONTACT_FORM_TO = env("CONTACT_FORM_TO")
 CONTACT_FORM_FROM = env("CONTACT_FORM_FROM")
+
+# Securtiy settings
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+
+# Use secure cookies
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+
+# HSTS settings
+SECURE_HSTS_SECONDS = 31536000  # 1 year
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True