
Improve default security configuration for production environment #54

Open
sveetch opened this issue Jul 24, 2024 · 1 comment
Labels
question Further information is requested

Comments

@sveetch
Owner

sveetch commented Jul 24, 2024

Is your feature request related to a problem? Please describe.

We currently don't configure anything special related to security; we just leave the default Django configuration and assume it is up to the project maintainer to decide on and implement security.

Describe the solution you'd like

We should enable the Django security middleware in the production settings.

It just needs some tests for the CMS edition interface and CKEditor because the frontend can sometimes rely on some request/response behaviors that may be blocked by some security settings (like iframe forbidding).

There are also some concerns about the settings not managed by the security middleware:

Describe alternatives you've considered

Just notify about the security middleware in the documentation so the project maintainer is aware of it.
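As an added example (not the project's own code) of what the proposed production settings could look like, the fragment below enables Django's SecurityMiddleware settings next to the cookie settings it does not manage, and pairs them with a small pure-Python emulation of the response headers those settings produce, so the iframe concern for the CMS interface and CKEditor can be checked offline. The setting names are Django's real ones; the values and the emulation are constructed for this example and are not Django's implementation.

```python
# Constructed production settings (names are real Django settings).
# In MIDDLEWARE, "django.middleware.security.SecurityMiddleware" should sit
# near the top and "django.middleware.clickjacking.XFrameOptionsMiddleware"
# handles X_FRAME_OPTIONS.
PRODUCTION_SETTINGS = {
    "SECURE_SSL_REDIRECT": True,
    "SECURE_HSTS_SECONDS": 31536000,
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": True,
    "SECURE_HSTS_PRELOAD": True,
    "SECURE_CONTENT_TYPE_NOSNIFF": True,
    "SECURE_REFERRER_POLICY": "same-origin",
    "SECURE_CROSS_ORIGIN_OPENER_POLICY": "same-origin",
    # Not managed by SecurityMiddleware; must be set alongside it.
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    # "DENY" (Django's default) also blocks same-origin iframes used by the
    # CMS edit interface and CKEditor, so "SAMEORIGIN" is the safe compromise.
    "X_FRAME_OPTIONS": "SAMEORIGIN",
}


def security_headers(settings, is_secure=True):
    """Simplified emulation of the headers SecurityMiddleware and
    XFrameOptionsMiddleware add to a response (not Django's own code)."""
    headers = {}
    # HSTS is only emitted on HTTPS responses, as Django does.
    if settings.get("SECURE_HSTS_SECONDS") and is_secure:
        value = f"max-age={settings['SECURE_HSTS_SECONDS']}"
        if settings.get("SECURE_HSTS_INCLUDE_SUBDOMAINS"):
            value += "; includeSubDomains"
        if settings.get("SECURE_HSTS_PRELOAD"):
            value += "; preload"
        headers["Strict-Transport-Security"] = value
    if settings.get("SECURE_CONTENT_TYPE_NOSNIFF"):
        headers["X-Content-Type-Options"] = "nosniff"
    if settings.get("SECURE_REFERRER_POLICY"):
        headers["Referrer-Policy"] = settings["SECURE_REFERRER_POLICY"]
    if settings.get("SECURE_CROSS_ORIGIN_OPENER_POLICY"):
        headers["Cross-Origin-Opener-Policy"] = settings["SECURE_CROSS_ORIGIN_OPENER_POLICY"]
    headers["X-Frame-Options"] = settings.get("X_FRAME_OPTIONS", "DENY").upper()
    return headers


def same_origin_frame_allowed(headers):
    """True when a same-origin iframe (CMS toolbar, editor dialogs) can load."""
    return headers.get("X-Frame-Options") != "DENY"


def unmanaged_cookie_gaps(settings):
    """Cookie flags SecurityMiddleware never sets but production still needs."""
    return [name for name in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE")
            if not settings.get(name)]
```

Running `manage.py check --deploy` against the real settings module is the complementary check Django itself provides for these values.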

@sveetch sveetch added the question Further information is requested label Jul 24, 2024
@sveetch
Owner Author

sveetch commented Sep 28, 2024

The middleware documentation needs to be read comprehensively by a sysadmin first, so we are sure it works well on our infrastructure and so we can advise on some settings and provide some possible documentation.

@sveetch sveetch added this to v0.4.0 Dec 1, 2024
@sveetch sveetch moved this to Todo in v0.4.0 Dec 1, 2024