JooL_website/config/settings/prod.py

from .base import *
# Production override: debug pages expose settings, stack traces and local
# variables, so they stay off here.
# NOTE(review): with DEBUG off Django enforces ALLOWED_HOSTS; it is not set in
# the visible part of this file, presumably base provides it - confirm.
DEBUG = False

# The connection is read from DATABASE_URL.
# NOTE(review): presumably `env` is a django-environ Env; if so, the three
# slashes in the default make it a relative SQLite path (tmp/build.db under the
# working directory) - confirm. The name suggests the fallback exists for build
# steps that run without a database; a production process started without
# DATABASE_URL would use this SQLite file instead of failing at startup.
DATABASES = {
    'default': env.db(
        'DATABASE_URL',
        default='sqlite:///tmp/build.db',
    ),
}
# WhiteNoise serves static files as a fallback.
# SecurityMiddleware is moved to the front, WhiteNoise sits directly after it,
# and the rest of the base middleware keeps its order.
# NOTE(review): only SecurityMiddleware is filtered out of the base list; if
# base already lists WhiteNoiseMiddleware it would appear twice - confirm.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'whitenoise.middleware.WhiteNoiseMiddleware',
    *(
        name
        for name in MIDDLEWARE
        if name != 'django.middleware.security.SecurityMiddleware'
    ),
]

# Compressed static files with hashed names taken from a manifest.
# NOTE(review): STATICFILES_STORAGE was deprecated in Django 4.2 in favour of
# STORAGES['staticfiles'] and removed in 5.1 - check the project's Django version.
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
# Outgoing mail goes over SMTP; host, port and credentials come from the
# environment, with the defaults below.
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = env('EMAIL_HOST', default='smtp.dreamhost.com')
EMAIL_PORT = env.int('EMAIL_PORT', default=465)
# Implicit TLS is hard-coded while the port is configurable: pointing EMAIL_PORT
# at a STARTTLS port would also require EMAIL_USE_TLS in place of EMAIL_USE_SSL
# (Django rejects having both enabled).
EMAIL_USE_SSL = True
# Empty defaults let this module load without mail credentials.
# NOTE(review): Django's SMTP backend skips authentication when user or password
# is empty, so a missing variable only shows up when a send fails - confirm that
# this is the intended failure mode in production.
EMAIL_HOST_USER = env('EMAIL_HOST_USER', default='')
EMAIL_HOST_PASSWORD = env('EMAIL_HOST_PASSWORD', default='')
# ── HTTPS / cookies ───────────────────────────────────────
# Redirect plain HTTP to HTTPS; on by default, can be switched off through the
# SECURE_SSL_REDIRECT environment variable.
SECURE_SSL_REDIRECT = env.bool('SECURE_SSL_REDIRECT', default=True)
# Django treats a request as secure when X-Forwarded-Proto is "https". This is
# only sound if the proxy sets or strips that header on every request and the
# application server cannot be reached except through the proxy; otherwise a
# client-supplied value is trusted.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') # behind nginx
# Session cookie: HTTPS only, not readable from JavaScript, SameSite=Lax.
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SAMESITE = 'Lax'
# CSRF cookie: same flags. With HttpOnly set, front-end code cannot read the
# token from the cookie and has to take it from the rendered page instead.
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
CSRF_COOKIE_SAMESITE = 'Lax'
# ── HSTS ──────────────────────────────────────────────────
# Start at 3600, move to 31536000 once SSL has been validated.
# Browsers remember the policy for the full max-age, so a short value keeps a
# misconfiguration recoverable during rollout.
SECURE_HSTS_SECONDS = 3600
# includeSubDomains extends the policy to every subdomain of the serving host;
# each of them must be reachable over HTTPS before this goes live.
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = False # switch to True together with the 1-year HSTS value
# ── Django security headers ────────────────────────────────
# Sends X-Content-Type-Options: nosniff so browsers do not guess content types.
SECURE_CONTENT_TYPE_NOSNIFF = True
# Cross-origin requests receive only the origin in Referer, not the full URL.
SECURE_REFERRER_POLICY = 'strict-origin-when-cross-origin'
# DENY forbids all framing of the site, including by its own pages.
X_FRAME_OPTIONS = 'DENY'
# Everything is written to a single console handler (StreamHandler writes to
# stderr unless given a stream). The root and "django" loggers emit WARNING and
# above; "apps.core" also emits INFO. Both named loggers have propagation off,
# so their records are not handled a second time by the root logger.
# NOTE(review): no formatter is configured, so records use logging's default
# message-only format; timestamps and levels presumably come from whatever
# collects the process output - confirm.
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'console': {
            'class': 'logging.StreamHandler',
        },
    },
    'root': {'handlers': ['console'], 'level': 'WARNING'},
    'loggers': {
        'django': {
            'handlers': ['console'],
            'level': 'WARNING',
            'propagate': False,
        },
        'apps.core': {
            'handlers': ['console'],
            'level': 'INFO',
            'propagate': False,
        },
    },
}