I've implemented the ability to register "deployment checks" by adding
deploy=True to register: @register("tag_name", deploy=True). These checks
are only run if you pass the --deploy flag to check. So in development you
can run `manage.py check --deploy --settings=settings_prod` to check your
production settings file. Running these checks automatically if DEBUG is
False would likely give them better visibility, but I don't see an easy way
of disabling them when testing if we did that.
Regarding settings, would it be preferable to move them into a single
dictionary setting called something like SECURITY_MIDDLEWARE_CONFIG?
On Thursday, August 28, 2014 6:27:40 AM UTC-4, Tim Graham wrote:
>
> The settings for the SecurityMiddleware as they appear in django-secure
> are:
>
> SECURE_HSTS_SECONDS=0
> SECURE_HSTS_INCLUDE_SUBDOMAINS=False
> SECURE_CONTENT_TYPE_NOSNIFF=False
> SECURE_BROWSER_XSS_FILTER=False
> SECURE_SSL_REDIRECT=False
> SECURE_SSL_HOST=None
> SECURE_REDIRECT_EXEMPT=[]
>
> Yo-Yo, would be helpful to say *why* you are -1 so we can take that into
> consideration.
>
> On Thursday, August 28, 2014 2:45:07 AM UTC-4, Yo-Yo Ma wrote:
>>
>> +1 on basically adding the functionality of checksecure to the default
>> validation.
>>
>> -1 to adding the middleware.
>>
>
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/5069271f-8a21-4fdd-921f-ee2baa11b45b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
