🔧(backend) fix configuration to avoid different ssl warning
Fix following warning messages : - You have not set a value for the SECURE_HSTS_SECONDS setting. - Your SECURE_SSL_REDIRECT setting is not set to True.
This commit is contained in:
Jacques ROUSSEL
committed by
Anthony LC
Anthony LC
parent
76368f1ae9
commit
3a6bc8c0f7
@@ -24,6 +24,8 @@ and this project adheres to
|
||||
- 🐛(backend) gitlab oicd userinfo endpoint #232
|
||||
- 🛂(frontend) redirect to the OIDC when private doc and unauthentified #292
|
||||
- ♻️(backend) getting list of document versions available for a user #258
|
||||
- 🔧(backend) fix configuration to avoid different ssl warning #297
|
||||
|
||||
|
||||
## [1.4.0] - 2024-09-17
|
||||
|
||||
|
||||
@@ -546,6 +546,14 @@ class Production(Base):
|
||||
# In other cases, you should comment the following line to avoid security issues.
|
||||
# SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
||||
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
|
||||
SECURE_HSTS_SECONDS = 60
|
||||
SECURE_HSTS_PRELOAD = True
|
||||
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
|
||||
SECURE_SSL_REDIRECT = True
|
||||
SECURE_REDIRECT_EXEMPT = [
|
||||
"^__lbheartbeat__",
|
||||
"^__heartbeat__",
|
||||
]
|
||||
|
||||
# Modern browsers require to have the `secure` attribute on cookies with `Samesite=none`
|
||||
CSRF_COOKIE_SECURE = True
|
||||
|
||||
Reference in New Issue
Block a user