Only allow django admin in debug
parent
5bf5900367
commit
da99286d88
2 changed files with 18 additions and 16 deletions
|
@ -13,21 +13,8 @@ SECRET_KEY = os.environ['SECRET_KEY']
|
|||
|
||||
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
||||
|
||||
if not DEBUG:
|
||||
print("NOT DEBUG!")
|
||||
SESSION_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_HTTPONLY = True
|
||||
SECURE_CONTENT_TYPE_NOSNIFF = True
|
||||
SECURE_BROWSER_XSS_FILTER = True
|
||||
SECURE_SSL_REDIRECT = True
|
||||
|
||||
X_FRAME_OPTIONS = 'DENY'
|
||||
MAX_UPLOAD_SIZE = 5242880 # 5MB - 5242880
|
||||
|
||||
|
||||
# Application definition
|
||||
|
||||
INSTALLED_APPS = [
|
||||
'wagtail.wagtailforms',
|
||||
'wagtail.wagtailredirects',
|
||||
|
@ -47,7 +34,6 @@ INSTALLED_APPS = [
|
|||
'modelcluster',
|
||||
'taggit',
|
||||
|
||||
'django.contrib.admin',
|
||||
'django.contrib.auth',
|
||||
'django.contrib.contenttypes',
|
||||
'django.contrib.sessions',
|
||||
|
@ -61,6 +47,22 @@ INSTALLED_APPS = [
|
|||
'project.search',
|
||||
]
|
||||
|
||||
if DEBUG:
|
||||
INSTALLED_APPS += ['django.contrib.admin']
|
||||
|
||||
# Harden Django!
|
||||
if not DEBUG:
|
||||
SESSION_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_HTTPONLY = True
|
||||
SECURE_CONTENT_TYPE_NOSNIFF = True
|
||||
SECURE_BROWSER_XSS_FILTER = True
|
||||
SECURE_SSL_REDIRECT = True
|
||||
|
||||
X_FRAME_OPTIONS = 'DENY'
|
||||
MAX_UPLOAD_SIZE = 5242880 # 5MB - 5242880
|
||||
|
||||
|
||||
MIDDLEWARE = [
|
||||
'django.middleware.security.SecurityMiddleware',
|
||||
|
||||
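Review bot: The `# Harden Django!` block and the `if DEBUG:` admin registration in the last hunk both depend on the single DEBUG flag, so a deployment that runs with DEBUG enabled by mistake loses the secure-cookie and SSL-redirect settings and gains `django.contrib.admin` at the same time. Where DEBUG is assigned is outside these hunks; it is worth confirming that it falls back to False when its source is unset. The hardening block also turns on `SECURE_SSL_REDIRECT` without HSTS, so adding `SECURE_HSTS_SECONDS` (value chosen for the deployment) next to it would stop browsers from retrying plain HTTP after the first visit. The rendered page drops indentation, so whether `X_FRAME_OPTIONS = 'DENY'` sits inside the `if not DEBUG:` branch cannot be read from here; it should apply unconditionally.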
|
|
|
@ -8,8 +8,6 @@ from wagtail.wagtailcore import urls as wagtail_urls
|
|||
from wagtail.wagtaildocs import urls as wagtaildocs_urls
|
||||
|
||||
urlpatterns = [
|
||||
url(r'^django-admin/', include(admin.site.urls)),
|
||||
|
||||
url(r'^admin/', include(wagtailadmin_urls)),
|
||||
url(r'^documents/', include(wagtaildocs_urls)),
|
||||
|
||||
|
@ -23,6 +21,8 @@ if settings.DEBUG:
|
|||
from django.conf.urls.static import static
|
||||
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
|
||||
|
||||
urlpatterns = [url(r'^django-admin/', include(admin.site.urls))] + urlpatterns
|
||||
|
||||
# Serve static and media files from development server
|
||||
urlpatterns += staticfiles_urlpatterns()
|
||||
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
|
||||
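Review bot: The `django-admin/` route is now added only under `if settings.DEBUG:`, but the line still references `admin`, whose import is outside the visible hunks and presumably remains at module top level. With `django.contrib.admin` no longer in INSTALLED_APPS outside debug, that unconditional import may fail or load an app that is not installed, depending on the Django version. Moving `from django.contrib import admin` into the `if settings.DEBUG:` branch keeps this file in step with the settings change. A short comment such as `# Django admin is debug-only; the Wagtail admin under /admin/ is the production interface` would record why the route is conditional.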
|
|