Mercurial Mercurial > hdabo / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/hdalab/settings.py
changeset 614 40e125004a0b
parent 613 4bb38d03e430
child 618 cb8b833ad122 
--- a/src/hdalab/settings.py	Thu Apr 02 22:52:54 2015 +0200
+++ b/src/hdalab/settings.py	Fri Apr 03 02:22:15 2015 +0200
@@ -134,6 +134,8 @@
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.security.SecurityMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware'
 )
 
 
@@ -195,6 +197,12 @@
 HONEYPOT_FIELD_NAME='phone'
 ENVELOPE_SUBJECT_INTRO='[hdalab contact]'
 
+X_FRAME_OPTIONS='DENY'
+SESSION_COOKIE_SECURE=False
+SECURE_CONTENT_TYPE_NOSNIFF=True
+SECURE_BROWSER_XSS_FILTER=True
+CSRF_COOKIE_SECURE=False
+
 from hdalab.config import * #@UnusedWildImport
 
 if 'LOGIN_REDIRECT_URL' not in locals():
hdabo