| author | fschildt <florian.schildt@protonmail.com> | 2025-10-19 17:38:03 +0200 | 
|---|---|---|
| committer | fschildt <florian.schildt@protonmail.com> | 2025-10-19 17:38:03 +0200 | 
| commit | 3abe7842519b18418e658769f8fb196acf0d8687 (patch) | |
| tree | 2d26647aa80a2a649de92858b53c87e159c40dbb | |
| parent | 556a5922844cf900149f0b7f58fa67d4b18b2729 (diff) | |
settings: secure cookies in production
| -rw-r--r-- | fsweb/settings.py | 16 | 
1 files changed, 10 insertions, 6 deletions
diff --git a/fsweb/settings.py b/fsweb/settings.py
index 9221719..e4359ea 100644
--- a/fsweb/settings.py
+++ b/fsweb/settings.py
@@ -18,11 +18,14 @@ from dotenv import load_dotenv
 BASE_DIR = Path(__file__).resolve().parent.parent
+
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/5.1/howto/deployment/checklist/
-env = os.getenv('DJANGO_ENV')
-if env == 'production':
+
+# Basic Settings
+is_env_production = os.getenv('DJANGO_ENV') == 'production'
+if is_env_production:
     load_dotenv('/var/www/fsweb/config/.env')
 else:
     load_dotenv('.env.dev')
@@ -32,10 +35,11 @@ SECRET_KEY = os.getenv('SECRET_KEY')
 ALLOWED_HOSTS = os.getenv('ALLOWED_HOSTS', '').split(',')
 STATIC_ROOT = os.getenv('STATIC_ROOT')
-if not SECRET_KEY:
-    raise ValueError("SECRET_KEY is not set in the .env file")
-if env == 'production' and not ALLOWED_HOSTS:
-    raise ValueError("ALLOWED_HOSTS must be set in production")
+# Security Settings
+if is_env_production:
+    CSRF_COOKIE_SECURE = True
+    SESSION_COOKIE_SECURE = True
+
 # Application definition
 |
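Review bot: The new `if is_env_production:` block in the second hunk fails open, because both Secure flags depend on `DJANGO_ENV` being exactly `'production'`. If the variable is unset or mistyped on a deployed host, the first hunk loads `.env.dev` and both cookies go out without Secure, with no error at startup. Consider making the secure value the default and opting out explicitly, e.g. `CSRF_COOKIE_SECURE = SESSION_COOKIE_SECURE = os.getenv('DJANGO_ENV') != 'development'`, which means local setups must then set `DJANGO_ENV=development`. The same hunk also removes the startup checks for `SECRET_KEY` and `ALLOWED_HOSTS` without a replacement. The removed `ALLOWED_HOSTS` check could never fire, since `''.split(',')` yields `['']`, so a useful replacement would filter empty entries first, `ALLOWED_HOSTS = [h for h in os.getenv('ALLOWED_HOSTS', '').split(',') if h]`, and then raise in production when the list is empty.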
