Настройки прод

2025-11-19 19:29:46 +03:00 · 2025-11-19 19:29:46 +03:00 · 439202a140
commit 439202a140
parent e5a9bd4067
1 changed files with 54 additions and 3 deletions
--- a/OneCprogsite/OneCprogsite/settings.py
+++ b/OneCprogsite/OneCprogsite/settings.py
@ -22,11 +22,50 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = 'django-insecure-5rs2a1*8cxjkv*%6k1-88biv&1#nep%@i+%1^dk=5j$s&e&hwm'

+# Безопасность cookies для HTTPS
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_HTTPONLY = True
+CSRF_COOKIE_HTTPONLY = False  # Django требует доступ к CSRF cookie через JS
+SESSION_COOKIE_SAMESITE = 'Lax'
+CSRF_COOKIE_SAMESITE = 'Lax'
+
+# Если используете другие cookies
+LANGUAGE_COOKIE_SECURE = True
+LANGUAGE_COOKIE_HTTPONLY = True
+LANGUAGE_COOKIE_SAMESITE = 'Lax'
+
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = False

-ALLOWED_HOSTS = ['*']
+X_FRAME_OPTIONS = 'SAMEORIGIN'
+# Или разрешить конкретные домены (Django 4.0+)
+X_FRAME_OPTIONS = 'ALLOW-FROM https://metrika.yandex.ru'

+# ОБЯЗАТЕЛЬНО укажите ваши домены
+ALLOWED_HOSTS = [
+    'nikdizell.ru',
+    'www.nikdizell.ru',
+    'localhost',
+    '127.0.0.1',
+    '192.168.31.88'  # Добавьте IP сервера
+]
+
+# Важно для работы за прокси
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+SECURE_SSL_REDIRECT = True
+
+# Дополнительная безопасность
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+
+CSRF_TRUSTED_ORIGINS = [
+    'https://nikdizell.ru',
+    'https://www.nikdizell.ru',
+]

 # Application definition

@ -57,6 +96,16 @@ MIDDLEWARE = [

 ROOT_URLCONF = 'OneCprogsite.urls'

+# Кастомный middleware для CSP
+class CSPMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+        response['Content-Security-Policy'] = "frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com"
+        return response
+
 TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
@ -87,7 +136,7 @@ DATABASES = {
        'NAME': 'App',
        'USER': 'postgres',
        'PASSWORD': 'NikDi94Zell',
-        'HOST': 'localhost',
+        'HOST': 'postgres',
        'PORT': 5432,
    }
 }
@ -159,3 +208,5 @@ SERVER_EMAIL = EMAIL_HOST_USER
 # Email для уведомлений (можно указать несколько через запятую)
 # ADMIN_EMAILS = os.getenv('ADMIN_EMAILS', 'nikdizell@gmail.com').split(',')
 ADMIN_EMAILS = os.getenv('ADMIN_EMAILS', 'it@nserdyuk.ru').split(',')
+
+