"""
Production settings for LabGraph.

Inherits all base settings and adds:
- DEBUG = False
- Strict CORS (origins required from env, no default)
- HSTS + secure cookies + SSL redirect
- WhiteNoise compressed static files
- JSON-formatted structured logging at WARNING level
"""

import json
import logging

from .base import *  # noqa: F401, F403
from .base import env

# Debug error pages expose settings, source snippets and stack traces, so
# production pins this off instead of reading it from the environment.
DEBUG = False

# Cross-origin access is opt-in per deployment. No default is passed, so a
# missing variable is expected to fail at startup rather than fall back to a
# permissive value -- presumably `env` raises on a missing key; confirm in base.
CORS_ALLOWED_ORIGINS = env.list("CORS_ALLOWED_ORIGINS")

# --- Transport security ---------------------------------------------------
# Redirect plain-HTTP requests to HTTPS. Only the redirect is overridable;
# HSTS and the Secure cookie flags below stay on when it is disabled.
# NOTE(review): behind a TLS-terminating proxy Django needs
# SECURE_PROXY_SSL_HEADER to recognise a request as secure; it is not set in
# this file -- check base before relying on the redirect.
SECURE_SSL_REDIRECT = env.bool("SECURE_SSL_REDIRECT", default=True)

# HSTS for one year, covering subdomains and eligible for browser preload
# lists. This commits every subdomain to HTTPS for the whole max-age, so
# confirm they all serve TLS before submitting the domain for preloading.
SECURE_HSTS_SECONDS = 365 * 24 * 60 * 60  # 31,536,000 s = 1 year
SECURE_HSTS_PRELOAD = True
SECURE_HSTS_INCLUDE_SUBDOMAINS = True

# --- Cookies ----------------------------------------------------------------
# Session and CSRF cookies are only ever sent over HTTPS.
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True

# --- Response headers -------------------------------------------------------
# Refuse framing entirely (clickjacking) and stop MIME-type sniffing.
X_FRAME_OPTIONS = "DENY"
SECURE_CONTENT_TYPE_NOSNIFF = True
# NOTE(review): SECURE_BROWSER_XSS_FILTER was removed in Django 4.0 and is
# ignored there; on older versions it emits the legacy X-XSS-Protection
# header. The Django version is not visible from this file.
SECURE_BROWSER_XSS_FILTER = True

# --- Static files -----------------------------------------------------------
# WhiteNoise: compress + fingerprint static files for long-lived caching.
# NOTE(review): STATICFILES_STORAGE is deprecated since Django 4.2 in favour
# of STORAGES and no longer read from 5.1 on -- confirm the project's Django
# version so this backend is actually in effect.
STATICFILES_STORAGE = "whitenoise.storage.CompressedManifestStaticFilesStorage"

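class _JsonLogFormatter(logging.Formatter):
    """Render each log record as one line of valid JSON.

    A plain ``logging.Formatter`` with a JSON-shaped format string does not
    escape the values it interpolates. Log messages routinely carry
    client-supplied text (request paths, header values), so a double quote,
    backslash or newline in a message would produce invalid JSON or what a
    log pipeline reads as extra fields or extra entries. Serialising with
    ``json.dumps`` escapes every value and keeps one record on one line.
    """

    def format(self, record):
        """Return *record* as a JSON object with time/level/name/message keys."""
        payload = {
            "time": self.formatTime(record, self.datefmt),
            "level": record.levelname,
            "name": record.name,
            "message": record.getMessage(),
        }
        # Tracebacks go inside the object instead of trailing it as raw
        # lines, so consumers never see a partial or multi-line record.
        if record.exc_info:
            payload["exc_info"] = self.formatException(record.exc_info)
        if record.stack_info:
            payload["stack_info"] = self.formatStack(record.stack_info)
        return json.dumps(payload)


# Structured logging to the console at WARNING and above.
LOGGING = {
    "version": 1,
    # Keep loggers that were configured before this dict is applied.
    "disable_existing_loggers": False,
    "formatters": {
        # "()" is the factory dictConfig calls to build the formatter; a
        # callable is accepted as well as a dotted path.
        "json": {"()": _JsonLogFormatter},
    },
    "handlers": {
        "console": {
            "class": "logging.StreamHandler",
            "formatter": "json",
        },
    },
    "root": {
        "handlers": ["console"],
        "level": "WARNING",
    },
    "loggers": {
        # propagate=False: these loggers write to the console handler
        # themselves, so passing records up to root would log them twice.
        "django": {"handlers": ["console"], "level": "WARNING", "propagate": False},
        "celery": {"handlers": ["console"], "level": "WARNING", "propagate": False},
    },
}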