From ccc9e24e77a5970fc9ae63fa894035fc34505b89 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Thu, 25 Aug 2022 23:08:04 +0100
Subject: [PATCH] Add some extra security headers
---
website/settings.py | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/website/settings.py b/website/settings.py
index 78bc758..238e773 100644
--- a/website/settings.py
+++ b/website/settings.py
@@ -226,3 +226,13 @@ REST_FRAMEWORK = {
 "rest_framework.authentication.SessionAuthentication",
 ],
 }
+
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+X_FRAME_OPTIONS = "DENY"
+SECURE_REFERRER_POLICY = "same-origin"
+
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+
+if not DEBUG:
+ SECURE_HSTS_SECONDS = 86400 # 1 day
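Review bot: `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")` is set unconditionally, which makes `request.is_secure()` trust a header the proxy must be guaranteed to overwrite on every request; if any deployment path reaches Django without such a proxy, the setting should be gated on a deployment-specific flag or at least carry a comment such as `# Only valid behind a proxy that sets/strips X-Forwarded-Proto on every request`. None of these settings take effect unless `django.middleware.security.SecurityMiddleware` (and `XFrameOptionsMiddleware` for `X_FRAME_OPTIONS`) is listed in `MIDDLEWARE`, which is outside this hunk and worth confirming. `SECURE_BROWSER_XSS_FILTER` was deprecated in Django 3.0 and removed in 4.0, so if this project is on a current Django the line is silently ignored and can be dropped. The HSTS block sets no `SECURE_SSL_REDIRECT`, so unless a redirect exists elsewhere plain-HTTP requests never receive the header; also use two spaces before the inline comment, `SECURE_HSTS_SECONDS = 86400  # 1 day`.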