2 Sept 2023

Django Deployment Security: Checking and Fixing Warnings

Deploying a Django application can come with its own set of challenges, one of them being security warnings. The command "python manage.py check --deploy" can be used to check for security warnings in the project.

Run this command from the root folder of your project (the directory that contains manage.py). It reports warnings such as: no value set for SECURE_HSTS_SECONDS, SECURE_HSTS_INCLUDE_SUBDOMAINS not set to True, SECURE_SSL_REDIRECT not set to True, SESSION_COOKIE_SECURE not set to True, and more.

To fix these warnings, open your settings.py file and set the appropriate value for each warning. For example, to fix the warning for not setting a value for the SECURE_HSTS_SECONDS setting, add the following line of code: SECURE_HSTS_SECONDS = 31536000. Similarly, you can set the value of other settings such as SECURE_HSTS_INCLUDE_SUBDOMAINS, SECURE_SSL_REDIRECT, SESSION_COOKIE_SECURE, CSRF_COOKIE_SECURE and more.

It is important to note that DEBUG should be set to False in deployment and ALLOWED_HOSTS must not be empty in deployment.

For your convenience, you can copy the code below into settings.py to fix all of the warnings listed above at once.

SECURE_HSTS_SECONDS = 31536000  # One year in seconds; enables the Strict-Transport-Security header
SECURE_HSTS_INCLUDE_SUBDOMAINS = True  # HSTS also covers subdomains (only meaningful with SECURE_HSTS_SECONDS set)
SECURE_SSL_REDIRECT = True  # Redirect all plain HTTP requests to HTTPS
SESSION_COOKIE_SECURE = True  # Session cookie is only sent over HTTPS
CSRF_COOKIE_SECURE = True  # CSRF cookie is only sent over HTTPS
DEBUG = False  # Never expose tracebacks and settings in production
ALLOWED_HOSTS = ["www.knowivate.com", "www.example.com"]  # Host header values this site will answer for
SECURE_HSTS_PRELOAD = True  # Adds the preload directive to the HSTS header
SECURE_CONTENT_TYPE_NOSNIFF = True  # Sends X-Content-Type-Options: nosniff
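
To see what the deploy check is actually testing for, here is an added example (not part of the original post and not Django's own code): a simplified stand-in for the security checks that "python manage.py check --deploy" runs, written against a plain dict so it works without a Django project. The DEFAULTS dict reproduces Django's default values for the settings discussed above; the two sample settings dicts are constructed for the demonstration.

```python
# Django's defaults for the settings this post discusses, so an unset key
# behaves like a settings.py that never mentions it (assumption: values
# match Django 3.2, the version the post links to).
DEFAULTS = {
    "SECURE_HSTS_SECONDS": 0,
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": False,
    "SECURE_HSTS_PRELOAD": False,
    "SECURE_SSL_REDIRECT": False,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "SECURE_CONTENT_TYPE_NOSNIFF": True,
    "DEBUG": False,
    "ALLOWED_HOSTS": [],
}


def deploy_warnings(settings):
    """Return the names of settings that would still trigger a warning.

    Simplified mirror of the deploy checks; the real ones also require
    SecurityMiddleware to be installed before the header checks apply.
    """
    cfg = {**DEFAULTS, **settings}
    warnings = []
    if not cfg["SECURE_HSTS_SECONDS"]:
        warnings.append("SECURE_HSTS_SECONDS")
    else:
        # The sub-domain and preload warnings only appear once HSTS itself
        # is enabled, because neither flag has any effect without it.
        if not cfg["SECURE_HSTS_INCLUDE_SUBDOMAINS"]:
            warnings.append("SECURE_HSTS_INCLUDE_SUBDOMAINS")
        if not cfg["SECURE_HSTS_PRELOAD"]:
            warnings.append("SECURE_HSTS_PRELOAD")
    for name in ("SECURE_SSL_REDIRECT", "SESSION_COOKIE_SECURE",
                 "CSRF_COOKIE_SECURE", "SECURE_CONTENT_TYPE_NOSNIFF"):
        if not cfg[name]:
            warnings.append(name)
    if cfg["DEBUG"]:
        warnings.append("DEBUG")
    if not cfg["ALLOWED_HOSTS"]:
        warnings.append("ALLOWED_HOSTS")
    return warnings


# Constructed inputs: a fresh startproject-style settings module (DEBUG on,
# nothing else changed) and the hardened block from this post.
FRESH = {"DEBUG": True}
HARDENED = {
    "SECURE_HSTS_SECONDS": 31536000, "SECURE_HSTS_INCLUDE_SUBDOMAINS": True,
    "SECURE_SSL_REDIRECT": True, "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True, "DEBUG": False, "SECURE_HSTS_PRELOAD": True,
    "ALLOWED_HOSTS": ["www.example.com"], "SECURE_CONTENT_TYPE_NOSNIFF": True,
}
```

Running deploy_warnings(FRESH) lists six settings, while deploy_warnings(HARDENED) returns an empty list; setting only SECURE_HSTS_SECONDS shows how the two dependent HSTS warnings appear as soon as HSTS is turned on.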

The Django documentation is the authoritative reference for each of these checks and what the corresponding setting does. You can find more information on this topic at: https://docs.djangoproject.com/en/3.2/ref/checks/#security

In this blog post, we have discussed why to run the "python manage.py check --deploy" command before deploying, what security warnings it reports, and how to fix them. By following the steps outlined here, you can deploy your Django application with these baseline security checks passing.