settings: Update for Django 5.1 compatibility

* Add LocaleMiddleware and i18n template context processor
* Add ATOMIC_REQUESTS for database transactions
* Adjust password validation settings:
  - Keep min length at 6 chars
* Add security settings for production environment
Oliver Falk
2025-01-21 19:42:32 +01:00
parent e878224ba6
commit cea4d5eb24


@@ -42,6 +42,7 @@ MIDDLEWARE = [
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
"django.middleware.locale.LocaleMiddleware",
]
ROOT_URLCONF = "ivatar.urls"
@@ -49,7 +50,7 @@ ROOT_URLCONF = "ivatar.urls"
TEMPLATES = [
{
"BACKEND": "django.template.backends.django.DjangoTemplates",
"DIRS": [],
"DIRS": [os.path.join(BASE_DIR, "templates")],
"APP_DIRS": True,
"OPTIONS": {
"context_processors": [
@@ -57,7 +58,9 @@ TEMPLATES = [
"django.template.context_processors.request",
"django.contrib.auth.context_processors.auth",
"django.contrib.messages.context_processors.messages",
"django.template.context_processors.i18n",
],
"debug": DEBUG,
},
},
]
@@ -72,6 +75,7 @@ DATABASES = {
"default": {
"ENGINE": "django.db.backends.sqlite3",
"NAME": os.path.join(BASE_DIR, "db.sqlite3"),
"ATOMIC_REQUESTS": True,
}
}
@@ -85,6 +89,9 @@ AUTH_PASSWORD_VALIDATORS = [
},
{
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", # noqa
"OPTIONS": {
"min_length": 6,
},
},
{
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", # noqa
@@ -94,6 +101,25 @@ AUTH_PASSWORD_VALIDATORS = [
},
]
# Password Hashing (more secure)
PASSWORD_HASHERS = [
"django.contrib.auth.hashers.Argon2PasswordHasher",
"django.contrib.auth.hashers.PBKDF2PasswordHasher",
"django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
]
# Security Settings
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
X_FRAME_OPTIONS = "DENY"
CSRF_COOKIE_SECURE = not DEBUG
SESSION_COOKIE_SECURE = not DEBUG
if not DEBUG:
SECURE_SSL_REDIRECT = True
SECURE_HSTS_SECONDS = 31536000 # 1 year
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# Internationalization
# https://docs.djangoproject.com/en/2.0/topics/i18n/
@@ -116,4 +142,4 @@ STATIC_ROOT = os.path.join(BASE_DIR, "static")
DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
from config import * # pylint: disable=wildcard-import,wrong-import-position,unused-wildcard-import
from config import * # pylint: disable=wildcard-import,wrong-import-position,unused-wildcard-import # noqa
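Review bot: The security block's `CSRF_COOKIE_SECURE = not DEBUG`, `SESSION_COOKIE_SECURE = not DEBUG` and `if not DEBUG:` lines are evaluated before the `from config import *` at the end of the file, so a `DEBUG` value set in config does not change them. `DEBUG` is defined outside the visible hunks, but if a deployment turns it off only in config, the cookies stay without the Secure flag and `SECURE_SSL_REDIRECT` and the HSTS settings are never set; the same applies to `"debug": DEBUG` in `TEMPLATES`. Moving these derived settings below the config import would make them follow the effective value. Separately, `SECURE_BROWSER_XSS_FILTER = True` is a no-op on the Django version this commit targets, because the setting was removed in Django 4.0, and it can be dropped so the file does not suggest a protection that is not applied.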