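"""Production settings layered on top of ``.base``.

Only the deployment-specific values are set here; ``env`` and the base
``MIDDLEWARE`` list used below are expected to come from ``.base``.
"""
from .base import *  # noqa: F401,F403 -- settings modules conventionally star-import the base

DEBUG = False

# The sqlite fallback only applies when DATABASE_URL is unset (the file name
# suggests it is meant for the build step); a deployment is expected to
# provide DATABASE_URL explicitly.
DATABASES = {
    'default': env.db('DATABASE_URL', default='sqlite:///tmp/build.db'),
}

# WhiteNoise serves the collected static files as a fallback. It has to sit
# directly after SecurityMiddleware, so SecurityMiddleware is pinned first,
# WhiteNoise second, and the rest of the base middleware follows in its
# original order (the base SecurityMiddleware entry is dropped so it is not
# listed twice).
_SECURITY_MIDDLEWARE = 'django.middleware.security.SecurityMiddleware'
MIDDLEWARE = [
    _SECURITY_MIDDLEWARE,
    'whitenoise.middleware.WhiteNoiseMiddleware',
    *(m for m in MIDDLEWARE if m != _SECURITY_MIDDLEWARE),
]
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = env('EMAIL_HOST', default='smtp.dreamhost.com')
EMAIL_PORT = env.int('EMAIL_PORT', default=465)
# TLS from the first byte (mutually exclusive with EMAIL_USE_TLS in Django);
# the port-465 default above goes with this mode.
EMAIL_USE_SSL = True
# Credentials come only from the environment; the empty defaults mean an
# unconfigured deployment sends unauthenticated rather than with a baked-in
# secret.
EMAIL_HOST_USER = env('EMAIL_HOST_USER', default='')
EMAIL_HOST_PASSWORD = env('EMAIL_HOST_PASSWORD', default='')

# ── HTTPS / cookies ───────────────────────────────────────
# Redirect plain HTTP to HTTPS unless explicitly switched off in the
# environment (e.g. when the reverse proxy already performs the redirect).
SECURE_SSL_REDIRECT = env.bool('SECURE_SSL_REDIRECT', default=True)
# Behind nginx, which terminates TLS: trust X-Forwarded-Proto to decide
# whether the original request was HTTPS. This is only safe when the proxy
# always sets/overwrites that header on every incoming request; if the app
# were ever reachable without the proxy, a client could spoof the header and
# bypass the HTTPS-only checks.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SAMESITE = 'Lax'
CSRF_COOKIE_SECURE = True
# HttpOnly CSRF cookie: JavaScript cannot read it, so AJAX callers must take
# the token from the rendered form / template context, not from the cookie.
CSRF_COOKIE_HTTPONLY = True
CSRF_COOKIE_SAMESITE = 'Lax'

# ── HSTS ──────────────────────────────────────────────────
# Roll-out plan: start at 3600 s and raise to 31536000 (1 year) once the TLS
# setup is validated; enable preload only after the 1-year value is in place.
# Both values are env-driven (like SECURE_SSL_REDIRECT above) so the ramp-up
# needs no code change; the defaults are the conservative starting values.
SECURE_HSTS_SECONDS = env.int('SECURE_HSTS_SECONDS', default=3600)
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = env.bool('SECURE_HSTS_PRELOAD', default=False)

# ── Django security headers ───────────────────────────────
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_REFERRER_POLICY = 'strict-origin-when-cross-origin'
X_FRAME_OPTIONS = 'DENY'

# Console-only logging: the root logger and 'django' stay at WARNING so the
# process output is not flooded; the project's own 'apps.core' logger is
# allowed INFO. propagate=False keeps each message from reaching the root
# handler a second time.
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'console': {'class': 'logging.StreamHandler'},
    },
    'root': {
        'handlers': ['console'],
        'level': 'WARNING',
    },
    'loggers': {
        'django': {'handlers': ['console'], 'level': 'WARNING', 'propagate': False},
        'apps.core': {'handlers': ['console'], 'level': 'INFO', 'propagate': False},
    },
}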