31 lines
931 B
Python
31 lines
931 B
Python
"""
|
|
Production settings for the project.
|
|
"""
|
|
|
|
from .base import *
|
|
|
|
DEBUG = False
|
|
|
|
ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '').split(',')
|
|
|
|
# Security settings
|
|
SECURE_BROWSER_XSS_FILTER = True
|
|
SECURE_CONTENT_TYPE_NOSNIFF = True
|
|
SECURE_HSTS_SECONDS = 31536000
|
|
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
|
|
SECURE_HSTS_PRELOAD = True
|
|
SECURE_SSL_REDIRECT = False # Temporarily disabled for testing
|
|
SESSION_COOKIE_SECURE = True
|
|
CSRF_COOKIE_SECURE = True
|
|
|
|
# CORS - use environment variable
|
|
CORS_ALLOWED_ORIGINS = os.environ.get('CORS_ALLOWED_ORIGINS', '').split(',')
|
|
CSORS_ALLOW_CREDENTIALS = True
|
|
|
|
# Email backend (use your email service in production)
|
|
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
|
|
EMAIL_HOST = os.environ.get('EMAIL_HOST')
|
|
EMAIL_PORT = os.environ.get('EMAIL_PORT', 587)
|
|
EMAIL_USE_TLS = True
|
|
EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER')
|
|
EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD') |