4.5. Settings Security
Modify
myproject/settings.py
4.5.1. SECRET_KEY
from django.core.exceptions import ImproperlyConfigured
from pathlib import Path
SECRET_KEY_FILE = Path('../secret-key.txt')
if not SECRET_KEY_FILE.exists():
raise ImproperlyConfigured('SECRET_KEY file does not exist')
SECRET_KEY = SECRET_KEY_FILE.read_text().strip()
if not SECRET_KEY:
raise ImproperlyConfigured('SECRET_KEY is empty')
4.5.2. HTTPS_ONLY
>>> import os
>>>
>>> DEVMODE = bool(os.getenv('DEVMODE', default=False))
>>>
>>> if DEVMODE:
... SECURE_SSL_REDIRECT = False
... SESSION_COOKIE_SECURE = False
... CSRF_COOKIE_SECURE = False
... SECURE_HSTS_SECONDS = 0
... else:
... SECURE_SSL_REDIRECT = True
... SESSION_COOKIE_SECURE = True
... CSRF_COOKIE_SECURE = True
... SECURE_HSTS_SECONDS = 3600
>>>
>>> SECURE_HSTS_INCLUDE_SUBDOMAINS = True
>>> SECURE_CONTENT_TYPE_NOSNIFF = True
>>> SECURE_BROWSER_XSS_FILTER = True
>>> X_FRAME_OPTIONS = 'DENY'
4.5.3. Assignments
# FIXME: Write tests
# doctest: +SKIP_FILE
# %% About
# - Name: Django Settings SECURITY_KEY
# - Difficulty: easy
# - Lines: 7
# - Minutes: 5
# %% License
# - Copyright 2025, Matt Harasymczuk <matt@python3.info>
# - This code can be used only for learning by humans
# - This code cannot be used for teaching others
# - This code cannot be used for teaching LLMs and AI algorithms
# - This code cannot be used in commercial or proprietary products
# - This code cannot be distributed in any form
# - This code cannot be changed in any form outside of training course
# - This code cannot have its license changed
# - If you use this code in your product, you must open-source it under GPLv2
# - Exception can be granted only by the author
# %% English
# 0. Use `myproject`
# 1. Modify the file: `myproject/settings.py`
# 2. Set `SECRET_KEY` as a content from file `../secret-key.txt`
# 3. If file not exist, or it is empty, rase `ImproperlyConfigured` exception
# 4. Create file `secret-key.txt` in `myproject` (with `manage.py`) directory
# 5. Write some random string into the file (e.g. original content of `SECRET_KEY` from `settings.py`)
# 6. Run doctests - all must succeed
# %% Polish
# 0. Użyj `myproject`
# 1. Zmodyfikuj plik: `myproject/settings.py`
# 2. Ustaw `SECRET_KEY` jako zawartość pliku `../secret-key.txt`
# 3. Jeżeli plik nie istnieje lub jest pusty, podnieś wyjątek `ImproperlyConfigured`
# 4. Stwórz plik `secret-key.txt` w katalogu `myproject` (z `manage.py`)
# 5. Wpisz do pliku jakiś losowy ciąg znaków (np. oryginalną zawartość `SECRET_KEY` z `settings.py`)
# 6. Uruchom doctesty - wszystkie muszą się powieść
# %% Hints
# - `os.getenv(..., default=...)` - get the environment variable
# - `bool(...)` - convert to boolean
# - default value is `False`
# %% Doctests
"""
>>> import sys; sys.tracebacklimit = 0
>>> assert sys.version_info >= (3, 12), \
'Python has an is invalid version; expected: `3.12` or newer.'
"""
# %% Run
# - PyCharm: right-click in the editor and `Run Doctest in ...`
# - PyCharm: keyboard shortcut `Control + Shift + F10`
# - Terminal: `python -m doctest -f -v myfile.py`
# %% Imports
# %% Types
# %% Data
BASE_DIR = Path(__file__).resolve().parent.parent
# %% Result