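import os

# Project root: two directory levels above this settings module.
# (Listing gutter numbers that were fused onto each line have been removed so
# the module parses.)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))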
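# The signing key is read from a file outside the source tree, so it is not
# committed with the code. Startup fails with an OSError if the file is
# missing or unreadable.
# NOTE(review): the file should be readable only by the account that runs the
# application; its permissions are not visible from this module.
with open('/etc/secret_key.txt') as f:
    SECRET_KEY = f.read().strip()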
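# Production posture: no debug pages, and only the listed Host header values
# are accepted.
DEBUG = False

ALLOWED_HOSTS = ['xxxxxx.com']

# Session payloads are serialized as JSON rather than pickled.
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer'
# Database-backed session store supplied by the user_sessions app.
SESSION_ENGINE = 'user_sessions.backends.db'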
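# --- CSRF cookie -----------------------------------------------------------
CSRF_COOKIE_SECURE = True        # sent over HTTPS only
CSRF_COOKIE_SAMESITE = 'Strict'  # never attached to cross-site requests
CSRF_COOKIE_AGE = None           # None makes it a browser-session cookie
CSRF_COOKIE_DOMAIN = None        # host-only cookie
CSRF_USE_SESSIONS = False        # token is kept in the cookie, not the session
# With HttpOnly set, page scripts cannot read the token from the cookie; any
# AJAX code has to take it from the rendered page instead.
CSRF_COOKIE_HTTPONLY = True

# --- Session cookie --------------------------------------------------------
# The original value was '/;HttpOnly', which smuggles a second attribute into
# the Path field. SESSION_COOKIE_HTTPONLY below already sets the flag, so the
# path is now a plain '/' and the emitted Set-Cookie header is well formed.
SESSION_COOKIE_PATH = '/'
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_SAMESITE = 'Strict'
SESSION_EXPIRE_AT_BROWSER_CLOSE = True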
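# --- Transport security (applied by SecurityMiddleware) --------------------
SECURE_SSL_REDIRECT = True
# Django treats a request as HTTPS when it carries X-Forwarded-Proto: https.
# That is only sound if the front proxy sets or strips this header on every
# request; otherwise a client can supply it and be treated as secure.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# Sets the legacy X-XSS-Protection header. NOTE(review): newer Django releases
# dropped this setting; the CSP configured in this module is the control that
# matters.
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
# 15768000 seconds is 182.5 days (about six months). The old trailing comment
# said "1 day", which did not match the value.
# NOTE(review): hstspreload.org asks for a max-age of at least one year, so
# confirm this value before relying on SECURE_HSTS_PRELOAD for list inclusion.
SECURE_HSTS_SECONDS = 15768000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# NOTE(review): SECURE_FRAME_DENY looks like a leftover from the django-secure
# package; framing is controlled by X_FRAME_OPTIONS below.
SECURE_FRAME_DENY = True

# Enforced by XFrameOptionsMiddleware: the site may not be framed at all.
X_FRAME_OPTIONS = 'DENY'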
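# These write to the process environment, not to the per-request WSGI environ
# that the server hands to Django.
# NOTE(review): HTTPS detection in this configuration comes from
# SECURE_PROXY_SSL_HEADER; confirm whether anything still reads these two
# variables before keeping them.
os.environ['HTTPS'] = "on"
os.environ['wsgi.url_scheme'] = 'https'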
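# --- Content-Security-Policy (emitted by csp.middleware.CSPMiddleware) ------
# Deny by default; every fetch directive below is an explicit allow-list.
CSP_DEFAULT_SRC = ("'none'",)
# The sha256 source permits one specific inline <style> block; if that block's
# text changes, the hash has to be regenerated.
CSP_STYLE_SRC = (
    "'self'",
    "xxxxxx.com",
    "fonts.googleapis.com",
    "'sha256-Y/OYzipjX3yzIdTnBrtEgSVTJ9PGTp7jDHMb+R3S1qI='",
)
# Every third-party host listed here is trusted to serve script to the page;
# keep the list as short as the analytics and reCAPTCHA integrations allow.
CSP_SCRIPT_SRC = (
    "'self'",
    "xxxxxx.com",
    "www.googletagmanager.com",
    "www.google-analytics.com",
    "https://www.google.com/recaptcha/",
    "https://www.gstatic.com/recaptcha/",
)
CSP_IMG_SRC = (
    "'self'",
    "data:",
    "www.googletagmanager.com",
    "www.google-analytics.com",
    "fonts.googleapis.com/",
)
CSP_FONT_SRC = ("'self'", "xxxxxx.com", "fonts.gstatic.com")
CSP_CONNECT_SRC = ("'self'", "xxxxxx.com",)
CSP_OBJECT_SRC = ("'none'",)
CSP_BASE_URI = ("'none'",)
CSP_FRAME_SRC = ("'self'", "https://www.google.com/recaptcha/",)
# Same intent as X-Frame-Options: DENY, expressed in CSP.
CSP_FRAME_ANCESTORS = ("'none'",)
CSP_FORM_ACTION = ("'self'", "xxxxxx.com",)
# Ask the CSP middleware to add a per-response nonce to script-src.
CSP_INCLUDE_NONCE_IN = ('script-src',)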
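# Installed applications: Django contrib apps, the project's own apps
# (usuario, administrador, base) and the third-party session, captcha and
# two-factor packages.
# NOTE(review): 'user_sessions' is listed together with
# 'django.contrib.sessions'. The django-user-sessions setup notes describe it
# as a replacement for the contrib app, so confirm that both are meant to be
# installed.
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'user_sessions',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'captcha',
    'usuario',
    'administrador',
    'base',
    'django_otp',
    'django_otp.plugins.otp_static',
    'django_otp.plugins.otp_totp',
    'two_factor',
    'bootstrapform',
]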
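# Request/response middleware, in execution order. The order is unchanged
# from the original listing.
# NOTE(review): two session middlewares are active, the contrib one near the
# top and user_sessions' after AuthenticationMiddleware. The
# django-user-sessions setup notes describe swapping the contrib middleware
# for theirs, in the same position; confirm which session object
# authentication and OTP actually see.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'user_sessions.middleware.SessionMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'csp.middleware.CSPMiddleware',
    # Placed after AuthenticationMiddleware, which it depends on.
    'django_otp.middleware.OTPMiddleware',
    'two_factor.middleware.threadlocals.ThreadLocals',
    'django_feature_policy.FeaturePolicyMiddleware',
    'django_referrer_policy.middleware.ReferrerPolicyMiddleware',
    #'x_forwarded_for.middleware.XForwardedForMiddleware',
]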
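# Username/password authentication against the Django user model only.
AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
)

# Referrer-Policy header value: the referrer is sent only on same-origin
# requests.
REFERRER_POLICY = 'same-origin'
# Feature-Policy header: geolocation is disabled for every origin.
FEATURE_POLICY = {
    'geolocation': 'none',
}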
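# Named URL patterns used by the auth views.
LOGOUT_REDIRECT_URL = 'login'
LOGIN_URL = 'login'
LOGIN_REDIRECT_URL = 'home_usuario'

# reCAPTCHA key pair (redacted in this listing). The public key is meant to
# appear in pages; the private key is a secret.
# NOTE(review): unlike SECRET_KEY, the private key is written inline here;
# supply the real value from outside the source tree.
RECAPTCHA_PUBLIC_KEY = 'xxxxxxxxxxxxxxxxxxx'
RECAPTCHA_PRIVATE_KEY = 'xxxxxxxxxxxxxxxxxxx'

ROOT_URLCONF = 'xxxxxxproject.urls'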
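# Django template engine. Templates are looked up in the relative 'templates'
# directory and in each installed app's templates/ folder.
# NOTE(review): 'templates' is a relative path, so it resolves against the
# process working directory rather than BASE_DIR.
TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': ['templates'],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'xxxxxxproject.wsgi.application'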
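# PostgreSQL connection (values redacted in this listing).
# NOTE(review): the password is written inline, unlike SECRET_KEY, which is
# read from a file. No 'OPTIONS' entry is present, so TLS to the database
# host is not requested from this module; confirm how that link is protected.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'xxxxxxproject',
        'USER': 'xxxxxxprojectuser',
        'PASSWORD': 'xxxxxxxxxxxxx',
        'HOST': 'xxxxxxxxxxxx',
        'PORT': '5432',
    }
}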
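# Password policy: the four stock Django validators with their default
# options (no 'OPTIONS' key is given, so MinimumLengthValidator uses its
# built-in minimum).
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]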
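# --- Internationalisation ---------------------------------------------------
LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_L10N = True

USE_TZ = True

# --- Outgoing mail ----------------------------------------------------------
# SMTP submission on port 587 with EMAIL_USE_TLS, so the connection is
# upgraded with STARTTLS before credentials are sent.
# NOTE(review): the mailbox password (redacted here) is written inline;
# supply the real value from outside the source tree, as is done for
# SECRET_KEY.
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_USE_TLS = True
EMAIL_HOST = 'smtp.1and1.es'
EMAIL_HOST_USER = 'xxxxxxxx@xxxxxxx.xxx'
EMAIL_HOST_PASSWORD = 'xxxxxxxxxxxxxxxxxxxxx'
EMAIL_PORT = 587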
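# Static files are served under /static/ and collected into <BASE_DIR>/static/.
STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, 'static/')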
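# Same two process-environment assignments that appear earlier in this
# module; repeating them changes nothing.
os.environ['HTTPS'] = "on"
os.environ['wsgi.url_scheme'] = 'https'

# Optional local overrides. Because this import runs last, settings_private
# can replace any value above, including DEBUG and the cookie, HSTS and CSP
# settings, so it needs the same review and file permissions as this module.
# NOTE(review): the ImportError handler also hides an import failure raised
# inside settings_private itself; the site would then start on the
# placeholder values above without any message.
try:
    from .settings_private import *  # noqa
except ImportError:
    pass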