django-secure 0.1.0

Dependencies

Tested with Django 1.2 through trunk, and Python 2.5 through 2.7. Quite likely works with older versions of both, though; it’s not very complicated.

Installation

Install from PyPI with pip:

pip install django-secure

or get the in-development version:

pip install django-secure==dev

Usage

• Add "djangosecure" to your INSTALLED_APPS setting.

• Add "djangosecure.middleware.SecurityMiddleware" to your MIDDLEWARE_CLASSES setting (where depends on your other middlewares, but near the beginning of the list is probably a good choice).

• Set the SECURE_SSL_REDIRECT setting to True if all non-SSL requests should be permanently redirected to SSL.

• Set the SECURE_HSTS_SECONDS setting to an integer number of seconds, if you want to use HTTP Strict Transport Security.

• Set the SECURE_FRAME_DENY setting to True, if you want to prevent framing of your pages and protect them from clickjacking.

• Set SESSION_COOKIE_SECURE and SESSION_COOKIE_HTTPONLY to True if you are using django.contrib.sessions. These settings are not part of django-secure, but they should be used if running a secure site, and the checksecure management command will check their values.

• Run python manage.py checksecure to verify that your settings are properly configured for serving a secure SSL site.

Documentation

See the full documentation for more details.