add django productio https settings

dragonejt · Jul 13, 2023 · a994c6b · a994c6b
1 parent 76dad00
commit a994c6b
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/sibyl/settings.py b/sibyl/settings.py
@@ -28,7 +28,7 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = os.getenv("ENV") != "production"
 
-ALLOWED_HOSTS = [os.getenv("DEPLOY_HOST")]
+ALLOWED_HOSTS = [os.getenv("DEPLOY_HOST"), "localhost"]
 
 
 # Application definition
@@ -143,3 +143,10 @@
         'rest_framework.renderers.JSONRenderer'
     ]
 }
+
+CSRF_COOKIE_SECURE = not DEBUG
+SESSION_COOKIE_SECURE = not DEBUG
+SECURE_SSL_REDIRECT = not DEBUG
+SECURE_HSTS_SECONDS = 3600 if DEBUG is False else 0
+SECURE_HSTS_INCLUDE_SUBDOMAINS = not DEBUG
+SECURE_HSTS_PRELOAD = not DEBUG