Django deployment checklist


Django tip:

Check your production settings.py file for security vulnerabilities with the check command:

$ ./manage.py check --deploy

https://docs.djangoproject.com/en/3.2/ref/django-admin/#check

Example:

$ ./manage.py check --deploy
System check identified some issues:

WARNINGS:
have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie
makes it more difficult for network traffic sniffers to steal the CSRF token.
?: (security.W018) You should not have DEBUG set to True in deployment.
?: (security.W022) You have not set the SECURE_REFERRER_POLICY setting.
Without this, your site will not send a Referrer-Policy header.
You should consider enabling this header to protect user privacy.
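
To act on this output in CI, the findings can be parsed into check IDs and the build failed on any that have not been explicitly accepted. The script below is an added example, not part of the original tip or of Django; the names parse_check_output, blocking and SAMPLE are hypothetical, and the sample output is constructed.

```python
import re
import subprocess
import sys

# Section headers Django prints before each group of findings.
LEVELS = {"CRITICALS:", "ERRORS:", "WARNINGS:", "INFOS:", "DEBUGS:"}
FINDING = re.compile(r"^(?P<obj>\S+): \((?P<id>[\w.]+)\) (?P<msg>.*)$")

# Constructed sample in the format Django prints (not from a real run).
SAMPLE = """System check identified some issues:

WARNINGS:
?: (security.W018) You should not have DEBUG set to True in deployment.
?: (security.W022) You have not set the SECURE_REFERRER_POLICY setting.
Without this, your site will not send a Referrer-Policy header.

System check identified 2 issues (0 silenced).
"""

def parse_check_output(text):
    """Return [{level, id, msg}, ...] parsed from `check --deploy` output."""
    findings, level = [], None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("System check identified"):
            continue
        if line in LEVELS:
            level = line[:-2]  # "WARNINGS:" -> "WARNING"
        elif (m := FINDING.match(line)):
            findings.append({"level": level, "id": m["id"], "msg": m["msg"]})
        elif findings:
            # Wrapped text or a HINT line belongs to the previous finding.
            findings[-1]["msg"] += " " + line
    return findings

def blocking(findings, accepted=()):
    """Check IDs that should fail the build: all that are not accepted."""
    return sorted({f["id"] for f in findings} - set(accepted))

if __name__ == "__main__":
    text = SAMPLE  # no argument: parse the sample above
    if len(sys.argv) > 1:  # argument: path to a project's manage.py
        proc = subprocess.run([sys.executable, sys.argv[1], "check", "--deploy"],
                              capture_output=True, text=True)
        text = proc.stdout + proc.stderr
    failed = blocking(parse_check_output(text))
    print("blocking check IDs:", failed)
    sys.exit(1 if failed else 0)
```

By default the check command exits non-zero only for errors, so warnings like the ones above do not fail a pipeline on their own; Django's --fail-level WARNING option changes that without any wrapper.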