I've implemented the ability to register "deployment checks" by adding
deploy=True to register: @register("tag_name", deploy=True). These checks
are only run if you pass the --deploy flag to check. So in development you
can run `manage.py check --deploy --settings=settings_prod` to check your
production settings file. Running these checks automatically if DEBUG is
False would likely give them better visibility, but I don't see an easy way
of disabling them when testing if we did that.
Regarding settings, would it be preferable to move them into a single
dictionary setting called something like SECURITY_MIDDLEWARE_CONFIG?
On Thursday, August 28, 2014 6:27:40 AM UTC-4, Tim Graham wrote:
>
> The settings for the SecurityMiddleware as they appear in django-secure
> are:
>
> SECURE_HSTS_SECONDS=0
> SECURE_HSTS_INCLUDE_SUBDOMAINS=False
> SECURE_CONTENT_TYPE_NOSNIFF=False
> SECURE_BROWSER_XSS_FILTER=False
> SECURE_SSL_REDIRECT=False
> SECURE_SSL_HOST=None
> SECURE_REDIRECT_EXEMPT=[]
>
> Yo-Yo, would be helpful to say *why* you are -1 so we can take that into
> consideration.
>
> On Thursday, August 28, 2014 2:45:07 AM UTC-4, Yo-Yo Ma wrote:
>>
>> +1 on basically adding the functionality of checksecure to the default
>> validation.
>>
>> -1 to adding the middleware.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/5069271f-8a21-4fdd-921f-ee2baa11b45b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
