reset settings
- backend/settings.py +4 -4
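--- a/backend/settings.py
+++ b/backend/settings.py
@@ -44,12 +44,12 @@ CORS_ALLOW_ALL_ORIGINS = False if MODE == 'production' else True
 
 
 SESSION_COOKIE_HTTPONLY = True
-SESSION_COOKIE_SECURE =
+SESSION_COOKIE_SECURE = False if MODE == 'production' else True # use False only for local dev (no HTTPS)
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_AGE = 60 * 60 * 24 # 1 day
 
 CSRF_COOKIE_HTTPONLY = True
-CSRF_COOKIE_SECURE =
+CSRF_COOKIE_SECURE = False if MODE == 'production' else True
 CSRF_TRUSTED_ORIGINS = [
 origin.strip()
 for origin in os.environ.get("CSRF_TRUSTED_ORIGINS", "").split(",")
@@ -60,9 +60,9 @@ CSRF_TRUSTED_ORIGINS = [
 'http://localhost:3000'
 ]
 
-SECURE_SSL_REDIRECT =
+SECURE_SSL_REDIRECT = False if MODE == 'production' else True
 
-SECURE_CONTENT_TYPE_NOSNIFF =
+SECURE_CONTENT_TYPE_NOSNIFF = False if MODE == 'production' else True
 
 # HSTS settings - only enable in production with proper HTTPS configuration
 # WARNING: Once enabled, browsers will remember this for SECURE_HSTS_SECONDS seconds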
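Review bot: The four new expressions are inverted: `False if MODE == 'production' else True` turns `SESSION_COOKIE_SECURE`, `CSRF_COOKIE_SECURE`, `SECURE_SSL_REDIRECT` and `SECURE_CONTENT_TYPE_NOSNIFF` off in production and on everywhere else, which also contradicts the inline comment "use False only for local dev (no HTTPS)". The form matches the `CORS_ALLOW_ALL_ORIGINS` line shown in the hunk header, where False is the restrictive value; for these settings True is the hardened value, so production would issue session and CSRF cookies without the Secure flag and would not redirect HTTP to HTTPS, while a local setup without HTTPS gets the redirect. I would write `SESSION_COOKIE_SECURE = MODE == 'production'` (same form for `CSRF_COOKIE_SECURE` and `SECURE_SSL_REDIRECT`) and set `SECURE_CONTENT_TYPE_NOSNIFF = True` unconditionally, since that header does not depend on HTTPS. The previous values are cut off in this view, so I cannot tell whether this commit introduced the inversion or carried it over.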