From 43768eb06180099a272e50c88a113a5bd13d3f9d Mon Sep 17 00:00:00 2001 From: NikDizell Date: Wed, 25 Feb 2026 04:04:41 +0300 Subject: [PATCH] =?UTF-8?q?=D0=91=D0=B5=D0=B7=D0=BE=D0=BF=D0=B0=D1=81?= =?UTF-8?q?=D1=82=D0=BD=D0=BE=D1=81=D1=82=D1=8C=20=D1=81=D0=B0=D0=B9=D1=82?= =?UTF-8?q?=D0=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- OneCprogsite/settings.py | 45 ++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/OneCprogsite/settings.py b/OneCprogsite/settings.py index 5acf9c9..4a354f8 100644 --- a/OneCprogsite/settings.py +++ b/OneCprogsite/settings.py @@ -31,19 +31,6 @@ sys.path.insert(0, str(BASE_DIR / "OneCprogsite")) # Добавляем пап # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = os.getenv('DJANGO_SECRET_KEY') -# Безопасность cookies для HTTPS -# SESSION_COOKIE_SECURE = True -# CSRF_COOKIE_SECURE = True -# SESSION_COOKIE_HTTPONLY = True -# CSRF_COOKIE_HTTPONLY = False # Django требует доступ к CSRF cookie через JS -# SESSION_COOKIE_SAMESITE = 'Lax' -# CSRF_COOKIE_SAMESITE = 'Lax' - -# Если используете другие cookies -# LANGUAGE_COOKIE_SECURE = True -# LANGUAGE_COOKIE_HTTPONLY = True -# LANGUAGE_COOKIE_SAMESITE = 'Lax' - # Для разработки (HTTP) SESSION_COOKIE_SECURE = False CSRF_COOKIE_SECURE = False 
@@ -59,15 +46,29 @@ X_FRAME_OPTIONS = 'ALLOW-FROM https://metrika.yandex.ru' ALLOWED_HOSTS = os.getenv('DJANGO_ALLOWED_HOSTS', 'localhost,127.0.0.1').split(',') # Важно для работы за прокси -# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') -# SECURE_SSL_REDIRECT = True -# -# # Дополнительная безопасность -# SECURE_BROWSER_XSS_FILTER = True -# SECURE_CONTENT_TYPE_NOSNIFF = True -# SECURE_HSTS_SECONDS = 31536000 -# SECURE_HSTS_INCLUDE_SUBDOMAINS = True -# SECURE_HSTS_PRELOAD = True +if not DEBUG: + SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') + SECURE_SSL_REDIRECT = True + + # Дополнительная безопасность + SECURE_BROWSER_XSS_FILTER = True + SECURE_CONTENT_TYPE_NOSNIFF = True + SECURE_HSTS_SECONDS = 31536000 + SECURE_HSTS_INCLUDE_SUBDOMAINS = True + SECURE_HSTS_PRELOAD = True + + # Безопасность cookies для HTTPS + SESSION_COOKIE_SECURE = True + CSRF_COOKIE_SECURE = True + SESSION_COOKIE_HTTPONLY = True + CSRF_COOKIE_HTTPONLY = False # Django требует доступ к CSRF cookie через JS + SESSION_COOKIE_SAMESITE = 'Lax' + CSRF_COOKIE_SAMESITE = 'Lax' + + # Если используете другие cookies + LANGUAGE_COOKIE_SECURE = True + LANGUAGE_COOKIE_HTTPONLY = True + LANGUAGE_COOKIE_SAMESITE = 'Lax' CSRF_TRUSTED_ORIGINS = [ 'https://nikdizell.ru',
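Review bot: Every hardening setting in this hunk is gated on `if not DEBUG:`, so a deployment where `DEBUG` ends up truthy (its definition is outside the hunk; if it is parsed from an environment variable, a string like `'False'` being truthy is the classic failure) silently loses the SSL redirect, HSTS and the Secure cookie flags with no error, which is worth a comment above the block: `# Production hardening is gated on DEBUG; a misconfigured DEBUG=True disables all of it.` `SECURE_HSTS_PRELOAD = True` together with `SECURE_HSTS_INCLUDE_SUBDOMAINS = True` and a one-year `SECURE_HSTS_SECONDS` commits every subdomain to HTTPS from the first production response, which the Django docs recommend approaching with a short value first (e.g. `SECURE_HSTS_SECONDS = 3600`) and raising once nothing breaks. `SECURE_PROXY_SSL_HEADER` is only safe when the fronting proxy overwrites `X-Forwarded-Proto` on every request; that deployment assumption should be recorded next to the line, and `SECURE_BROWSER_XSS_FILTER` adds little since current browsers ignore `X-XSS-Protection`. The `X_FRAME_OPTIONS = 'ALLOW-FROM ...'` value visible in the hunk header is not new here, but `ALLOW-FROM` is effectively unsupported by current browsers, leaving the header ineffective; the `frame-ancestors` directive of Content-Security-Policy is the supported replacement.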