update security settings - disable https in dev, enforce in prod

ec869d4e · florimondmanca · cf8b3dfb · ec869d4e · ec869d4e
Commit ec869d4e authored Mar 30, 2018 by florimondmanca
--- a/oser_backend/oser_backend/settings/dev.py
+++ b/oser_backend/oser_backend/settings/dev.py
@@ -157,11 +157,6 @@ DATABASES = {
        default='postgres://postgres:postgres@localhost:5432/oser_backend_db'),
 }

-# Security
-SESSION_COOKIE_SECURE = True
-CSRF_COOKIE_SECURE = True
-SECURE_BROWSER_XSS_FILTER = True
-
 # Authentication

 AUTH_USER_MODEL = 'users.User'

--- a/oser_backend/oser_backend/settings/production.py
+++ b/oser_backend/oser_backend/settings/production.py
@@ -13,3 +13,9 @@ ALLOWED_HOSTS = [
    'oser-backend-staging.herokuapp.com',
    'oser-cs.fr',
 ]
+
+# Security
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_SSL_REDIRECT = True