added staging & prod https support to core.settings

2026-02-20 13:33:11 -05:00
parent 5106b04175
commit 4b558020af
1 changed files with 6 additions and 0 deletions
--- a/src/core/settings.py
+++ b/src/core/settings.py
@@ -28,6 +28,12 @@ if 'DJANGO_DEBUG_FALSE' in os.environ:
    SECRET_KEY = os.environ['DJANGO_SECRET_KEY']
    ALLOWED_HOSTS = [host.strip() for host in os.environ['DJANGO_ALLOWED_HOST'].split(',')]
    CSRF_TRUSTED_ORIGINS = [f'https://{host.strip()}' for host in os.environ['DJANGO_ALLOWED_HOST'].split(',')]
+    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+    SESSION_COOKIE_SECURE = True
+    CSRF_COOKIE_SECURE = True
+    SECURE_HSTS_SECONDS = 60
+    SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+    SECURE_HSTS_PRELOAD = True
 else:
    DEBUG = True
    # SECURITY WARNING: keep the secret key used in production secret!