I was interested in imposing https on my entire python django project. I found this solution and it looks promising. I made these changes to the equivalent of my settings.py
SECURE_SSL_REDIRECT = True
SECURE_HSTS_SECONDS = 60
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_FRAME_DENY = True
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_BROWSER_XSS_FILTER = True
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
and
MIDDLEWARE_CLASSES = (
# This middleware is for ensuring that all pages use https
'djangosecure.middleware.SecurityMiddleware',
...
and
INSTALLED_APPS = (
# for https
'djangosecure',
...
When I run python manage.py checksecure, the message I get is 'All clear!`, however, when I deploy to google apps engine, I get this error:
File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/django- 1.5/django/core/handlers/base.py", line 51, in load_middleware
raise exceptions.ImproperlyConfigured('Error importing middleware %s: "%s"' % (mw_module, e))
ImproperlyConfigured: Error importing middleware django-secure- 1.0.1.djangosecure.middleware: "No module named django-secure- 1.0.1.djangosecure.middleware"
What am I doing wrong?
Aucun commentaire:
Enregistrer un commentaire