Add some extra security headers

This commit is contained in:
Jake Howard 2022-08-25 23:08:04 +01:00
parent 309955a052
commit ccc9e24e77
Signed by: jake
GPG key ID: 57AFB45680EDD477

View file

@ -226,3 +226,13 @@ REST_FRAMEWORK = {
"rest_framework.authentication.SessionAuthentication",
],
}
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
X_FRAME_OPTIONS = "DENY"
SECURE_REFERRER_POLICY = "same-origin"
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
if not DEBUG:
SECURE_HSTS_SECONDS = 86400 # 1 day