From cb109219f06324c8960a3e947a5c5eee2cf7857d Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sun, 27 Nov 2016 21:48:36 +0000
Subject: [PATCH] harden django

---
 project/settings.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/project/settings.py b/project/settings.py
index eafd349..479ca22 100755
--- a/project/settings.py
+++ b/project/settings.py
@@ -11,11 +11,17 @@ DEBUG = os.environ['DEBUG']
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = os.environ['SECRET_KEY']
-
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_HTTPONLY = True
+MAX_UPLOAD_SIZE = 5242880 # 5MB - 5242880
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_SSL_REDIRECT = True
+X_FRAME_OPTIONS = 'DENY'
+
 # Application definition
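Review bot: `MAX_UPLOAD_SIZE` is not a setting Django reads, so the added line caps nothing unless project code elsewhere consults it; the settings that actually bound request bodies in the Django 1.10 this file references are `DATA_UPLOAD_MAX_MEMORY_SIZE = 5242880` (a hard limit that raises `SuspiciousOperation`) and `FILE_UPLOAD_MAX_MEMORY_SIZE` (which only switches uploads from memory to disk), so replace the dead setting with the former or drop it. The `SECURE_*` and `X_FRAME_OPTIONS` values take effect only if `django.middleware.security.SecurityMiddleware` and `django.middleware.clickjacking.XFrameOptionsMiddleware` are in `MIDDLEWARE`, which this hunk does not show. `SECURE_SSL_REDIRECT`, `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE` are hard-coded `True` while `DEBUG` comes from the environment, so a plain-HTTP dev server will redirect-loop or lose its cookies, and behind a TLS-terminating proxy the redirect also loops unless `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` is set and the proxy strips that header from clients. Since SSL redirect is now on, `SECURE_HSTS_SECONDS` (with `SECURE_HSTS_INCLUDE_SUBDOMAINS`) is the natural companion and `manage.py check --deploy` will otherwise warn about it. Separately, the context line `DEBUG = os.environ['DEBUG']` assigns a string, and `'False'` is truthy, so DEBUG stays enabled no matter what the variable holds; parsing it (e.g. `os.environ['DEBUG'].lower() == 'true'`) belongs with this hardening even though that line is outside the changed lines.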