Only allow django admin in debug
parent
5bf5900367
commit
da99286d88
2 changed files with 18 additions and 16 deletions
|
@ -13,21 +13,8 @@ SECRET_KEY = os.environ['SECRET_KEY']
|
||||||
|
|
||||||
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
|
||||||
|
|
||||||
if not DEBUG:
|
|
||||||
print("NOT DEBUG!")
|
|
||||||
SESSION_COOKIE_SECURE = True
|
|
||||||
CSRF_COOKIE_SECURE = True
|
|
||||||
CSRF_COOKIE_HTTPONLY = True
|
|
||||||
SECURE_CONTENT_TYPE_NOSNIFF = True
|
|
||||||
SECURE_BROWSER_XSS_FILTER = True
|
|
||||||
SECURE_SSL_REDIRECT = True
|
|
||||||
|
|
||||||
X_FRAME_OPTIONS = 'DENY'
|
|
||||||
MAX_UPLOAD_SIZE = 5242880 # 5MB - 5242880
|
|
||||||
|
|
||||||
|
|
||||||
# Application definition
|
# Application definition
|
||||||
|
|
||||||
INSTALLED_APPS = [
|
INSTALLED_APPS = [
|
||||||
'wagtail.wagtailforms',
|
'wagtail.wagtailforms',
|
||||||
'wagtail.wagtailredirects',
|
'wagtail.wagtailredirects',
|
||||||
|
@ -47,7 +34,6 @@ INSTALLED_APPS = [
|
||||||
'modelcluster',
|
'modelcluster',
|
||||||
'taggit',
|
'taggit',
|
||||||
|
|
||||||
'django.contrib.admin',
|
|
||||||
'django.contrib.auth',
|
'django.contrib.auth',
|
||||||
'django.contrib.contenttypes',
|
'django.contrib.contenttypes',
|
||||||
'django.contrib.sessions',
|
'django.contrib.sessions',
|
||||||
|
@ -61,6 +47,22 @@ INSTALLED_APPS = [
|
||||||
'project.search',
|
'project.search',
|
||||||
]
|
]
|
||||||
|
|
||||||
|
if DEBUG:
|
||||||
|
INSTALLED_APPS += ['django.contrib.admin']
|
||||||
|
|
||||||
|
# Harden Django!
|
||||||
|
if not DEBUG:
|
||||||
|
SESSION_COOKIE_SECURE = True
|
||||||
|
CSRF_COOKIE_SECURE = True
|
||||||
|
CSRF_COOKIE_HTTPONLY = True
|
||||||
|
SECURE_CONTENT_TYPE_NOSNIFF = True
|
||||||
|
SECURE_BROWSER_XSS_FILTER = True
|
||||||
|
SECURE_SSL_REDIRECT = True
|
||||||
|
|
||||||
|
X_FRAME_OPTIONS = 'DENY'
|
||||||
|
MAX_UPLOAD_SIZE = 5242880 # 5MB - 5242880
|
||||||
|
|
||||||
|
|
||||||
MIDDLEWARE = [
|
MIDDLEWARE = [
|
||||||
'django.middleware.security.SecurityMiddleware',
|
'django.middleware.security.SecurityMiddleware',
|
||||||
|
|
||||||
|
|
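Review bot: The relocated `if not DEBUG:` hardening block turns on `SECURE_SSL_REDIRECT` and the secure-cookie flags but sets no HSTS policy, so a browser's first plain-HTTP request to the site is protected only by the redirect. If HSTS is not configured elsewhere in the file, add `SECURE_HSTS_SECONDS = <seconds>` (placeholder; start with a small value) inside the block once HTTPS is confirmed on every host, and run `manage.py check --deploy` to catch related gaps. Both this block and the new `if DEBUG:` admin registration depend on one flag whose definition is outside the hunk; if it is read from the environment like `SECRET_KEY`, confirm it is parsed to a real boolean and defaults to False, because a truthy string would both install the admin and skip the hardening. Indentation is lost on this page, so it is unclear whether `X_FRAME_OPTIONS` and `MAX_UPLOAD_SIZE` sit inside the conditional; `X_FRAME_OPTIONS = 'DENY'` is safe to set unconditionally.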
|
@ -8,8 +8,6 @@ from wagtail.wagtailcore import urls as wagtail_urls
|
||||||
from wagtail.wagtaildocs import urls as wagtaildocs_urls
|
from wagtail.wagtaildocs import urls as wagtaildocs_urls
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
url(r'^django-admin/', include(admin.site.urls)),
|
|
||||||
|
|
||||||
url(r'^admin/', include(wagtailadmin_urls)),
|
url(r'^admin/', include(wagtailadmin_urls)),
|
||||||
url(r'^documents/', include(wagtaildocs_urls)),
|
url(r'^documents/', include(wagtaildocs_urls)),
|
||||||
|
|
||||||
|
@ -23,6 +21,8 @@ if settings.DEBUG:
|
||||||
from django.conf.urls.static import static
|
from django.conf.urls.static import static
|
||||||
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
|
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
|
||||||
|
|
||||||
|
urlpatterns = [url(r'^django-admin/', include(admin.site.urls))] + urlpatterns
|
||||||
|
|
||||||
# Serve static and media files from development server
|
# Serve static and media files from development server
|
||||||
urlpatterns += staticfiles_urlpatterns()
|
urlpatterns += staticfiles_urlpatterns()
|
||||||
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
|
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
|
||||||
|
|
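Review bot: The line added under `if settings.DEBUG:` still uses a module-level `admin` name, presumably imported above this hunk, so a non-debug process keeps importing `django.contrib.admin` even though the other file no longer installs it there. Moving the import into the branch, `from django.contrib import admin` next to the `static` imports, keeps production from loading the package at all and makes the debug-only intent visible in one place. The `if settings.DEBUG:` statement itself begins before the hunk. A short comment such as `# Prepended so /django-admin/ is matched before the other patterns` would explain why the list is rebuilt rather than extended with `+=` like the static routes below.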