Django settings mixins

DjangoSecurity

Enables SSL and other security settings for Django and the django-secure app.

Django-secure install instructions: http://django-secure.rtfd.org/latest/index.html#installation

DjangoSecurity

class common_configs.django.security.DjangoSecurity

Configures some good defaults for non-SSL sites.

For SSL-enabled sites use DjangoSSLSecurity.

Env variable: DJANGO_SESSION_COOKIE_SECURE

https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SESSION_COOKIE_SECURE

Env variable: DJANGO_SESSION_COOKIE_HTTPONLY

https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SESSION_COOKIE_HTTPONLY

Env variable: DJANGO_CSRF_COOKIE_SECURE

https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-CSRF_COOKIE_SECURE

SECURE_FRAME_DENY = Value: True

Env variable: DJANGO_SECURE_FRAME_DENY

http://django-secure.rtfd.org/latest/settings.html#secure-frame-deny

SECURE_CONTENT_TYPE_NOSNIFF = Value: True

Env variable: DJANGO_SECURE_CONTENT_TYPE_NOSNIFF

http://django-secure.rtfd.org/latest/settings.html#secure-content-type-nosniff

SECURE_BROWSER_XSS_FILTER = Value: True

Env variable: DJANGO_SECURE_BROWSER_XSS_FILTER

http://django-secure.rtfd.org/latest/settings.html#secure-browser-xss-filter

INSTALLED_APPS

Appends djangosecure to list of INSTALLED_APPS.

MIDDLEWARE_CLASSES

Appends djangosecure to list of INSTALLED_APPS.

DjangoSSLSecurity

class common_configs.django.security.DjangoSSLSecurity

Adds SSL-related settings to DjangoSecurity.

Env variable: DJANGO_SESSION_COOKIE_SECURE

https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SESSION_COOKIE_SECURE

Env variable: DJANGO_CSRF_COOKIE_SECURE

https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-CSRF_COOKIE_SECURE

SECURE_HSTS_SECONDS = Value: 2592000

Env variable: DJANGO_SECURE_HSTS_SECONDS

http://django-secure.rtfd.org/latest/settings.html#secure-hsts-seconds

SECURE_HSTS_INCLUDE_SUBDOMAINS = Value: True

Env variable: DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS

http://django-secure.rtfd.org/latest/settings.html#secure-hsts-include-subdomains

SECURE_SSL_REDIRECT = Value: True

Env variable: DJANGO_SECURE_SSL_REDIRECT

http://django-secure.rtfd.org/latest/settings.html#secure-ssl-redirect
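
A deployment check for the header-related defaults above, as an added example that is not part of common_configs or django-secure: it compares one response's headers with what django-secure emits for these settings. The sample responses are constructed, and the cookie check assumes DjangoSSLSecurity turns both cookie Secure flags on, a value this page does not show.

```python
import re

# Headers django-secure emits for the defaults documented above.
EXPECTED = {
    "x-frame-options": "DENY",             # SECURE_FRAME_DENY = True
    "x-content-type-options": "nosniff",   # SECURE_CONTENT_TYPE_NOSNIFF = True
    "x-xss-protection": "1; mode=block",   # SECURE_BROWSER_XSS_FILTER = True
}
HSTS_SECONDS = 2592000                     # SECURE_HSTS_SECONDS default (30 days)

def audit_response(headers, set_cookies=()):
    """Return findings for one HTTPS response; an empty list means it matches."""
    got = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    for name, want in EXPECTED.items():
        if name not in got:
            findings.append(f"missing {name}")
        elif got[name].lower() != want.lower():
            findings.append(f"{name} is {got[name]!r}, expected {want!r}")
    hsts = got.get("strict-transport-security")
    if hsts is None:
        findings.append("missing strict-transport-security")
    else:
        age = re.search(r"max-age=(\d+)", hsts, re.I)
        if age is None or int(age.group(1)) < HSTS_SECONDS:
            findings.append(f"hsts max-age below {HSTS_SECONDS}")
        if "includesubdomains" not in hsts.lower():
            findings.append("hsts lacks includeSubDomains")
    # Assumption: DjangoSSLSecurity sets SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE.
    for raw in set_cookies:  # raw Set-Cookie header values
        name, _, rest = raw.partition("=")
        attrs = {a.strip().lower() for a in rest.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name.strip()} lacks Secure")
    return findings

# Constructed sample responses, not captured from a real site.
GOOD = {"X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff",
        "X-XSS-Protection": "1; mode=block",
        "Strict-Transport-Security": "max-age=2592000; includeSubDomains"}
WEAK = {"X-Frame-Options": "SAMEORIGIN", "X-Content-Type-Options": "nosniff",
        "Strict-Transport-Security": "max-age=3600"}

if __name__ == "__main__":
    for finding in audit_response(WEAK, ["sessionid=abc123; Path=/; HttpOnly"]):
        print(finding)
```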

MozillaCSP

class common_configs.django.security.MozillaCSP

Mozilla Content Security Policy that defines several default policies for scripts and static assets.

You will most likely want to adjust it to match your static storage and CDN usage so that all static file sources are whitelisted.

CSP_DEFAULT_SRC()

By default allows "'self'", STATIC_URL host

CSP_IMG_SRC()

By default allows "*", "data:"

CSP_SCRIPT_SRC()

By default allows "'self'", "https://ajax.googleapis.com", "https://code.jquery.com", "https://netdna.bootstrapcdn.com", "'unsafe-inline'", STATIC_URL host

CSP_FONT_SRC()

By default allows "'self'", "https://themes.googleusercontent.com", "https://netdna.bootstrapcdn.com", STATIC_URL host

CSP_STYLE_SRC()

By default allows "'self'", "https://fonts.googleapis.com", "https://netdna.bootstrapcdn.com", "'unsafe-inline'", STATIC_URL host

CSP_REPORT_ONLY = BooleanValue

MIDDLEWARE_CLASSES

Appends djangosecure to list of INSTALLED_APPS.
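
The documented MozillaCSP defaults, assembled into a header and audited for sources that weaken the policy. This is an added example, not code from common_configs: the function names are hypothetical, the STATIC_URL values used with it are constructed, and skipping the STATIC_URL host when STATIC_URL is relative is an assumption.

```python
from urllib.parse import urlsplit

def static_origin(static_url):
    """Scheme and host of STATIC_URL, or None for a relative URL such as '/static/'."""
    p = urlsplit(static_url)
    return f"{p.scheme}://{p.netloc}" if p.scheme and p.netloc else None

def default_policy(static_url):
    """Source lists as documented for MozillaCSP on this page."""
    cdn = "https://netdna.bootstrapcdn.com"
    policy = {
        "default-src": ["'self'"],
        "img-src": ["*", "data:"],
        "script-src": ["'self'", "https://ajax.googleapis.com",
                       "https://code.jquery.com", cdn, "'unsafe-inline'"],
        "font-src": ["'self'", "https://themes.googleusercontent.com", cdn],
        "style-src": ["'self'", "https://fonts.googleapis.com", cdn,
                      "'unsafe-inline'"],
    }
    origin = static_origin(static_url)
    for name, sources in policy.items():
        if origin and name != "img-src":   # img-src does not list the static host
            sources.append(origin)
    return policy

def render_header(policy, report_only=False):
    """Return the (header name, header value) pair for a policy."""
    name = "Content-Security-Policy" + ("-Report-Only" if report_only else "")
    return name, "; ".join(f"{d} {' '.join(s)}" for d, s in policy.items())

def audit(policy):
    """List (directive, source, reason) for sources that weaken the policy."""
    findings = []
    for directive, sources in policy.items():
        for src in sources:
            if src == "'unsafe-inline'":
                findings.append((directive, src, "inline code is allowed"))
            elif src == "*":
                findings.append((directive, src, "any origin is allowed"))
            elif src.startswith("http://"):
                findings.append((directive, src, "source loads over plain HTTP"))
    return findings

def tighten(policy):
    """Copy of the policy without 'unsafe-inline' in script-src."""
    out = {d: list(s) for d, s in policy.items()}
    out["script-src"] = [s for s in out["script-src"] if s != "'unsafe-inline'"]
    return out
```

Running `audit(default_policy(...))` on the defaults flags the `img-src` wildcard and `'unsafe-inline'` in both `script-src` and `style-src`; with CSP_REPORT_ONLY enabled the stricter policy from `tighten` can be observed through violation reports before it is enforced.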

SingleSite

Single site config.

Set site id, domain name, default emails and allowed hosts.

class common_configs.django.site.SingleSite

SITE_ID = Value: 1

Env variable: DJANGO_SITE_ID

https://docs.djangoproject.com/en/dev/ref/settings/#site-id

DOMAIN_NAME = SecretValue

Env variable: DJANGO_DOMAIN_NAME

Default domain name (for email settings, allowed hosts list and session cookie domain)

SITE_NAME = SecretValue

Env variable: DJANGO_SITE_NAME

Default site name (for email name settings)

DEFAULT_FROM_EMAIL = Value: self.get_default_from_email()

Env variable: DJANGO_DEFAULT_FROM_EMAIL

Default: info@<domain name>

SERVER_EMAIL = Value: self.get_server_email()

Env variable: DJANGO_SERVER_EMAIL

Default: server@<domain name>

EMAIL_SUBJECT_PREFIX = Value: self.get_email_subject_prefix()

Env variable: DJANGO_EMAIL_SUBJECT_PREFIX

Default: [site name]

ALLOWED_HOSTS = Value: self.get_allowed_hosts()

Env variable: DJANGO_ALLOWED_HOSTS

Default: <domain name>, www.<domain name>, api.<domain name>

Env variable: DJANGO_SESSION_COOKIE_DOMAIN

Default: <domain name>

Locale

Django locale, languages and translations

class common_configs.django.locale.Locale

TIME_ZONE = Value: 'UTC'

Env variable: DJANGO_TIME_ZONE

Default timezone

https://docs.djangoproject.com/en/dev/ref/settings/#time-zone

LANGUAGE_CODE = Value: 'en-us'

Env variable: DJANGO_LANGUAGE_CODE

https://docs.djangoproject.com/en/dev/ref/settings/#language-code

USE_I18N = Value: True

Env variable: DJANGO_USE_I18N

https://docs.djangoproject.com/en/dev/ref/settings/#use-i18n

USE_L10N = Value: True

Env variable: DJANGO_USE_L10N

https://docs.djangoproject.com/en/dev/ref/settings/#use-l10n

USE_TZ = True

https://docs.djangoproject.com/en/dev/ref/settings/#use-tz
