authorDan McGee <dpmcgee@gmail.com>2013-02-04 21:41:47 -0600
committerDan McGee <dpmcgee@gmail.com>2013-02-04 21:41:47 -0600
commit49b5c74241e88aceec1b30875cbae4a1a062fdcc (patch)
tree08d509664b804c9317a386080b1c00c141c5c2e0
parent8bbf80092fde60ee984258858c77384bb2b2970b (diff)
downloadwebsite-49b5c74241e88aceec1b30875cbae4a1a062fdcc.tar.gz
website-49b5c74241e88aceec1b30875cbae4a1a062fdcc.zip
Modernize settings.py
* Remove gzip filter (NGINX should be able to do this) * Move some other middleware around * Use cache-busting static files backend * Use cached_db session storage
-rw-r--r--settings.py20
1 files changed, 15 insertions, 5 deletions
diff --git a/settings.py b/settings.py
index 29c185e..b5e00cc 100644
--- a/settings.py
+++ b/settings.py
@@ -41,17 +41,14 @@ TEMPLATE_LOADERS = (
'django.template.loaders.app_directories.Loader',
)
-# Define our middleware classes.
-# To disable caching for devel, use simple://.
MIDDLEWARE_CLASSES = (
- 'django.middleware.gzip.GZipMiddleware',
- 'django.middleware.http.ConditionalGetMiddleware',
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
- 'django.middleware.doc.XViewMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ 'django.middleware.http.ConditionalGetMiddleware',
)
ROOT_URLCONF = 'urls'
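Review bot: The new position of `ConditionalGetMiddleware` at the end of `MIDDLEWARE_CLASSES` is order-sensitive, and this hunk removes the only comment above the tuple without replacing it. Response middleware runs bottom-up, so as the last entry it handles the response before `CommonMiddleware` does and would not see an ETag that `CommonMiddleware` adds when `USE_ETAGS` is enabled (that setting is not visible in this hunk). Either move it above `'django.middleware.common.CommonMiddleware'` or record the intent with a comment such as `# Order matters: response processing runs bottom-up; gzip is left to the front-end web server.`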
@@ -60,6 +57,19 @@ TEMPLATE_DIRS = (
'%s/templates' % DEPLOY_PATH,
)
+# Static files backend that allows us to use far future Expires headers
+STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.CachedStaticFilesStorage'
+
+# Configure where messages should reside
+MESSAGE_STORAGE = 'django.contrib.messages.storage.session.SessionStorage'
+
+# Session configuration
+SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
+SESSION_COOKIE_HTTPONLY = True
+
+# Clickjacking protection
+X_FRAME_OPTIONS = 'DENY'
+
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',
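Review bot: `SESSION_COOKIE_HTTPONLY = True` is added under `# Session configuration`, but no `SESSION_COOKIE_SECURE` accompanies it. Unless it is set elsewhere in settings.py (not visible in this hunk), the session cookie can still be sent over plain HTTP. If authenticated pages are served over HTTPS, add `SESSION_COOKIE_SECURE = True` and `CSRF_COOKIE_SECURE = True` in the same block. The `cached_db` engine also keeps session data in the configured cache, so that backend should be reachable only by the application; `CACHES` is outside this hunk, so this could not be checked here.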