# -*- coding: utf-8 -*-
"""
Production settings layered on top of ``.common``.

What the portion of the module shown here does:

- reads SECRET_KEY from the DJANGO_SECRET_KEY environment variable
- reuses ALLOWED_HOSTS as CSRF_TRUSTED_ORIGINS
- serves static files through the stock StaticFilesStorage backend
- wraps the filesystem and app-directories template loaders in the cached
  loader
- mails site admins on request errors and on DisallowedHost, which is also
  written to the console

The earlier header advertised djangosecure, Amazon S3, mailgun and Redis on
Heroku. None of those is configured in this part of the file: the
djangosecure block below is commented out, and no storage, mail or cache
backend for those services is set here.
"""
from __future__ import absolute_import, unicode_literals

# Star import: every name from the shared base settings (env, ALLOWED_HOSTS,
# TEMPLATES, ... are presumably among them -- they are used below without
# being defined in this file).
from .common import *  # noqa

# SECRET CONFIGURATION
# ------------------------------------------------------------------------------
# See: https://docs.djangoproject.com/en/dev/ref/settings/#secret-key
# No default is supplied on purpose: per the original note, env() raises
# ImproperlyConfigured when DJANGO_SECRET_KEY is absent from os.environ, so a
# deployment without a key fails at start-up instead of running with a
# guessable one.
SECRET_KEY = env("DJANGO_SECRET_KEY")

# django-secure (DISABLED)
# ------------------------------------------------------------------------------
# NOTE(review): everything in this section is commented out, so this module
# applies none of the transport-security settings listed below. Whether
# .common sets equivalents cannot be seen from here -- confirm before relying
# on HTTPS redirects, HSTS or nosniff in production.
# NOTE(review): django-secure's middleware and SECURE_* settings were folded
# into Django itself (django.middleware.security.SecurityMiddleware) as of
# Django 1.8; SECURE_FRAME_DENY has no direct counterpart there
# (X_FRAME_OPTIONS with XFrameOptionsMiddleware covers it).
# NOTE(review): if this block is revived, SESSION_COOKIE_SECURE = False lets
# the session cookie travel over plain HTTP; an HTTPS-only site wants True.
#
# INSTALLED_APPS += ("djangosecure", )
#
# SECURITY_MIDDLEWARE = (
#     'djangosecure.middleware.SecurityMiddleware',
# )
#
# # Make sure djangosecure.middleware.SecurityMiddleware is listed first
# MIDDLEWARE = SECURITY_MIDDLEWARE + MIDDLEWARE
#
# # set this to 60 seconds and then to 518400 (6 days) when you can prove it
# # works
# SECURE_HSTS_SECONDS = 60
# SECURE_HSTS_INCLUDE_SUBDOMAINS = env.bool(
#     "DJANGO_SECURE_HSTS_INCLUDE_SUBDOMAINS", default=True)
# SECURE_FRAME_DENY = env.bool("DJANGO_SECURE_FRAME_DENY", default=True)
# SECURE_CONTENT_TYPE_NOSNIFF = env.bool(
#     "DJANGO_SECURE_CONTENT_TYPE_NOSNIFF", default=True)
# SECURE_BROWSER_XSS_FILTER = True
# SESSION_COOKIE_SECURE = False
# SESSION_COOKIE_HTTPONLY = True
# SECURE_SSL_REDIRECT = env.bool("DJANGO_SECURE_SSL_REDIRECT", default=True)

# SITE CONFIGURATION
# ------------------------------------------------------------------------------
# Hosts/domain names that are valid for this site
# See https://docs.djangoproject.com/en/1.6/ref/settings/#allowed-hosts
# ALLOWED_HOSTS itself is not assigned here; it is taken as inherited.
# NOTE(review): this binds the very same object as ALLOWED_HOSTS (no copy), so
# an in-place change to one is visible through the other.
# NOTE(review): from Django 4.0 on, CSRF_TRUSTED_ORIGINS entries must carry a
# scheme ("https://..."), while ALLOWED_HOSTS holds bare host names -- confirm
# the Django version this project targets.
CSRF_TRUSTED_ORIGINS = ALLOWED_HOSTS
# END SITE CONFIGURATION

# Static Assets
# ------------------------
# Stock filesystem-backed staticfiles storage.
STATICFILES_STORAGE = "django.contrib.staticfiles.storage.StaticFilesStorage"

# TEMPLATE CONFIGURATION
# ------------------------------------------------------------------------------
# See:
# https://docs.djangoproject.com/en/dev/ref/templates/api/#django.template.loaders.cached.Loader
# The first template engine gets its loaders replaced by the cached loader
# wrapping the filesystem and app-directories loaders, in that order.
# NOTE(review): Django rejects an engine that sets both APP_DIRS=True and
# explicit loaders; assumes .common leaves APP_DIRS off for TEMPLATES[0].
TEMPLATES[0]["OPTIONS"]["loaders"] = [
    (
        "django.template.loaders.cached.Loader",
        [
            "django.template.loaders.filesystem.Loader",
            "django.template.loaders.app_directories.Loader",
        ],
    )
]

# CACHING
# ------------------------------------------------------------------------------
# Heroku URL does not pass the DB number, so we parse it in
# (the sentence above is cut off in the source, and no CACHES setting is
# defined in this section)

# LOGGING CONFIGURATION
# ------------------------------------------------------------------------------
# See: https://docs.djangoproject.com/en/dev/ref/settings/#logging
# See http://docs.djangoproject.com/en/dev/topics/logging for
# more details on how to customize your logging configuration.
#
# Two loggers are wired up:
#   * django.request: ERROR and above is mailed to the site admins, but only
#     while DEBUG is False (require_debug_false filter on the handler).
#   * django.security.DisallowedHost: ERROR and above goes to the console
#     handler and to the same admin mail handler.
# AdminEmailHandler messages carry the traceback and request details, so the
# admin mailbox should be treated as holding sensitive data.
# NOTE(review): requests whose Host header is not in ALLOWED_HOSTS are routine
# on an internet-facing site; routing DisallowedHost to mail_admins can turn
# that background noise into a large volume of mail. Console-only handling for
# this logger is worth considering.
LOGGING = {
    "version": 1,
    # Loggers configured before this dict is applied stay active.
    "disable_existing_loggers": False,
    "filters": {
        "require_debug_false": {"()": "django.utils.log.RequireDebugFalse"}
    },
    "formatters": {
        "verbose": {
            "format": "%(levelname)s %(asctime)s %(module)s "
            "%(process)d %(thread)d %(message)s"
        }
    },
    "handlers": {
        "mail_admins": {
            "level": "ERROR",
            "filters": ["require_debug_false"],
            "class": "django.utils.log.AdminEmailHandler",
        },
        "console": {
            "level": "DEBUG",
            "class": "logging.StreamHandler",
            "formatter": "verbose",
        },
    },
    "loggers": {
        "django.request": {
            "handlers": ["mail_admins"],
            "level": "ERROR",
            "propagate": True,
        },
        "django.security.DisallowedHost": {
            "level": "ERROR",
            "handlers": ["console", "mail_admins"],
            "propagate": True,
        },
    },
}

# Your production stuff: Below this line define 3rd party library settings