Enable SSL and other security settings for Django and django-secure app.
Django-secure install instructions: http://django-secure.rtfd.org/latest/index.html#installation
Configures some good defaults for non-SSL sites.
For SSL-enabled sites use DjangoSSLSecurity.
Env variable: DJANGO_SESSION_COOKIE_SECURE
https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SESSION_COOKIE_SECURE
Env variable: DJANGO_SESSION_COOKIE_HTTPONLY
https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SESSION_COOKIE_HTTPONLY
Env variable: DJANGO_CSRF_COOKIE_SECURE
https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-CSRF_COOKIE_SECURE
Env variable: DJANGO_SECURE_FRAME_DENY
http://django-secure.rtfd.org/latest/settings.html#secure-frame-deny
Env variable: DJANGO_SECURE_CONTENT_TYPE_NOSNIFF
http://django-secure.rtfd.org/latest/settings.html#secure-content-type-nosniff
Env variable: DJANGO_SECURE_BROWSER_XSS_FILTER
http://django-secure.rtfd.org/latest/settings.html#secure-browser-xss-filter
Appends djangosecure to list of INSTALLED_APPS.
Adds SSL-related settings to DjangoSecurity.
Env variable: DJANGO_SESSION_COOKIE_SECURE
https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SESSION_COOKIE_SECURE
Env variable: DJANGO_CSRF_COOKIE_SECURE
https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-CSRF_COOKIE_SECURE
Env variable: DJANGO_SECURE_HSTS_SECONDS
http://django-secure.rtfd.org/latest/settings.html#secure-hsts-seconds
Env variable: DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS
http://django-secure.rtfd.org/latest/settings.html#secure-hsts-include-subdomains
Env variable: DJANGO_SECURE_SSL_REDIRECT
http://django-secure.rtfd.org/latest/settings.html#secure-ssl-redirect
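Added example (not code from django-secure or from the project documented here): a pre-deployment check that reads the SSL-related environment variables listed above and reports any that were explicitly set to a value that weakens an HTTPS-only site. The function name, the accepted boolean spellings and the sample environment are assumptions made for this example.

```python
# Added example: audits the DJANGO_* SSL variables named on this page.
# Assumption: booleans are spelled as one of the values below (case-insensitive).
TRUE_VALUES = {"1", "true", "yes", "on"}
FALSE_VALUES = {"0", "false", "no", "off"}

# Flags expected to stay enabled on an HTTPS-only site, with the effect of disabling them.
REQUIRED_FLAGS = {
    "DJANGO_SESSION_COOKIE_SECURE": "session cookie can be sent over plain HTTP",
    "DJANGO_CSRF_COOKIE_SECURE": "CSRF cookie can be sent over plain HTTP",
    "DJANGO_SECURE_SSL_REDIRECT": "HTTP requests are not redirected to HTTPS",
    "DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS": "HSTS policy does not cover subdomains",
}


def audit_ssl_env(env):
    """Return sorted (variable, problem) pairs for explicitly weakened settings.

    Unset variables are skipped: the class default applies and is not judged here.
    """
    findings = []
    for name, impact in REQUIRED_FLAGS.items():
        raw = env.get(name)
        if raw is None:
            continue
        value = raw.strip().lower()
        if value in FALSE_VALUES:
            findings.append((name, impact))
        elif value not in TRUE_VALUES:
            findings.append((name, f"unrecognised boolean {raw!r}"))
    raw = env.get("DJANGO_SECURE_HSTS_SECONDS")
    if raw is not None:
        try:
            seconds = int(raw.strip())
        except ValueError:
            findings.append(("DJANGO_SECURE_HSTS_SECONDS", f"not an integer: {raw!r}"))
        else:
            if seconds <= 0:
                findings.append(("DJANGO_SECURE_HSTS_SECONDS", "HSTS is effectively disabled"))
    return sorted(findings)


# Constructed sample environment for an SSL-enabled deployment.
SAMPLE_ENV = {
    "DJANGO_SESSION_COOKIE_SECURE": "True",
    "DJANGO_CSRF_COOKIE_SECURE": "no",
    "DJANGO_SECURE_HSTS_SECONDS": "0",
    "DJANGO_SECURE_SSL_REDIRECT": "maybe",
}

if __name__ == "__main__":
    for name, problem in audit_ssl_env(SAMPLE_ENV):
        print(f"{name}: {problem}")
```

Pass `os.environ` instead of the sample dictionary to check a real deployment environment before start-up.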
Mozilla Content Security Policy that defines several default policies for scripts and static assets.
You will most likely want to adjust it to match your static storage and CDN usage, so that every source of static files is whitelisted.
By default allows "'self'", STATIC_URL host
By default allows "*", "data:"
By default allows "'self'", "https://ajax.googleapis.com", "https://code.jquery.com", "https://netdna.bootstrapcdn.com", "'unsafe-inline'", STATIC_URL host
By default allows "'self'", "https://themes.googleusercontent.com", "https://netdna.bootstrapcdn.com", STATIC_URL host
By default allows "'self'", "https://fonts.googleapis.com", "https://netdna.bootstrapcdn.com", "'unsafe-inline'", STATIC_URL host
Appends djangosecure to list of INSTALLED_APPS.
Single site config.
Set site id, domain name, default emails and allowed hosts.
Env variable: DJANGO_SITE_ID
Env variable: DJANGO_DOMAIN_NAME
Default domain name (for email settings, allowed hosts list and session cookie domain)
Env variable: DJANGO_SITE_NAME
Default site name (for email name settings)
Env variable: DJANGO_DEFAULT_FROM_EMAIL
Default: info@<domain name>
Env variable: DJANGO_SERVER_EMAIL
Default: server@<domain name>
Env variable: DJANGO_EMAIL_SUBJECT_PREFIX
Default: [site name]
Env variable: DJANGO_ALLOWED_HOSTS
Default: <domain name>, www.<domain name>, api.<domain name>
Env variable: DJANGO_SESSION_COOKIE_DOMAIN
Default: <domain name>
Django locale, languages and translations
Env variable: DJANGO_TIME_ZONE
Default timezone
https://docs.djangoproject.com/en/dev/ref/settings/#time-zone
Env variable: DJANGO_LANGUAGE_CODE
https://docs.djangoproject.com/en/dev/ref/settings/#language-code
Env variable: DJANGO_USE_I18N
https://docs.djangoproject.com/en/dev/ref/settings/#use-i18n
Env variable: DJANGO_USE_L10N
https://docs.djangoproject.com/en/dev/ref/settings/#use-l10n