midna: add django recommended security settings

darakeon · Jul 19, 2023 · 76ab495 · 76ab495
1 parent b10c780
commit 76ab495
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/docs/RELEASES.md b/docs/RELEASES.md
@@ -16,7 +16,7 @@ This is the list of project releases, past and current. To see tasks that are st
 
 ## <a name="10.0.1.0"></a>10.0.1.0 :sheep: <sup>`11`</sup>
 - [ ] Fix menu not opening
-- [ ] `230619>......` Add admin to nginx with production settings ([django-prod]/[django-nginx])
+- [x] `230619>230719` Add admin to nginx with production settings ([django-prod]/[django-nginx])
 - [x] `230619>230619` Fix emails to remove email contact and tell how to recover and delete csv
 - [x] `230618>230619` Fix terms to remove email contact and tell how to recover and delete csv
 - [x] `230530>230617` Add link to purge csv into email with csv

diff --git a/midna/src/midna/settings.py b/midna/src/midna/settings.py
@@ -160,6 +160,9 @@
 	SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
 	SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
 
+	SESSION_COOKIE_SECURE = True
+	CSRF_COOKIE_SECURE = True
+
 	LOGGING = {
 		'version': 1,
 		'disable_existing_loggers': False,