from .base import *
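DEBUG = False

# DATABASE_URL is the real production setting. The SQLite fallback under /tmp
# only exists so that settings can be imported without a database (the name
# "build.db" suggests build-time commands such as collectstatic) — TODO confirm
# it is never the database behind served traffic.
DATABASES = {
    'default': env.db('DATABASE_URL', default='sqlite:///tmp/build.db'),
}

# WhiteNoise serves the static files as a fallback. Its documentation requires
# it to sit directly after SecurityMiddleware, so both are pinned at the head
# of the list and the remaining base MIDDLEWARE follows in its original order.
# Both names are filtered out of the base list so that neither is registered
# twice when base.py already declares them (a duplicated middleware would run
# twice per request).
_PINNED_MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'whitenoise.middleware.WhiteNoiseMiddleware',
]
MIDDLEWARE = _PINNED_MIDDLEWARE + [
    m for m in MIDDLEWARE if m not in _PINNED_MIDDLEWARE
]

# NOTE(review): STATICFILES_STORAGE was deprecated in Django 4.2 in favour of
# the STORAGES dict; left as-is until the Django version in use is confirmed.
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
WHITENOISE_MAX_AGE = 31536000  # 1 year — the manifest storage versions files by content hash

# Outgoing mail over implicit TLS (port 465 + EMAIL_USE_SSL). Credentials come
# from the environment; empty defaults mean the SMTP session is unauthenticated
# when the variables are unset, so they must be provided in production.
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = env('EMAIL_HOST', default='smtp.dreamhost.com')
EMAIL_PORT = env.int('EMAIL_PORT', default=465)
EMAIL_USE_SSL = True
EMAIL_HOST_USER = env('EMAIL_HOST_USER', default='')
EMAIL_HOST_PASSWORD = env('EMAIL_HOST_PASSWORD', default='')

# ── HTTPS / cookies ───────────────────────────────────────
SECURE_SSL_REDIRECT = env.bool('SECURE_SSL_REDIRECT', default=True)
# Behind nginx: Django trusts X-Forwarded-Proto to decide whether a request is
# secure. This is only safe when the proxy always overwrites that header and
# Django is never reachable directly; a client-supplied value would otherwise
# let a plain-HTTP request be treated as HTTPS (bypassing SECURE_SSL_REDIRECT
# and the secure-cookie checks).
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SAMESITE = 'Lax'

CSRF_COOKIE_SECURE = True
# NOTE(review): Django's docs describe CSRF_COOKIE_HTTPONLY as offering little
# practical protection, and it prevents JavaScript from reading the token from
# the cookie — AJAX callers must obtain it from {% csrf_token %} / a hidden
# form field instead. Kept as configured; confirm the front-end does not rely
# on reading the cookie.
CSRF_COOKIE_HTTPONLY = True
CSRF_COOKIE_SAMESITE = 'Lax'

# ── HSTS ──────────────────────────────────────────────────
# Start at 3600 s; raise to 31536000 (1 year) once the TLS setup is validated.
# A long max-age is hard to roll back, hence the staged rollout.
SECURE_HSTS_SECONDS = 3600
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = False  # switch to True together with the 1-year HSTS max-age

# ── Django security headers ───────────────────────────────
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_REFERRER_POLICY = 'strict-origin-when-cross-origin'
X_FRAME_OPTIONS = 'DENY'

# Everything goes to stdout/stderr for the process supervisor to collect.
# Root and 'django' only emit WARNING and above; the project's own 'apps.core'
# logger is more verbose at INFO. propagate=False keeps the two named loggers
# from also reaching the root handler (which would print each record twice).
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'console': {'class': 'logging.StreamHandler'},
    },
    'root': {
        'handlers': ['console'],
        'level': 'WARNING',
    },
    'loggers': {
        'django': {'handlers': ['console'], 'level': 'WARNING', 'propagate': False},
        'apps.core': {'handlers': ['console'], 'level': 'INFO', 'propagate': False},
    },
}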