From adad8e11e082592f14b59ddad76343e2a4ef0bbc Mon Sep 17 00:00:00 2001 From: James McKinney <26463+jpmckinney@users.noreply.github.com> Date: Mon, 4 Nov 2024 15:52:53 -0500 Subject: [PATCH] http: Add section for HTTP headers, #110 --- docs/http/index.rst | 26 ++++++++++++++++++++++++++ docs/index.rst | 1 + docs/python/django.rst | 2 ++ 3 files changed, 29 insertions(+) create mode 100644 docs/http/index.rst diff --git a/docs/http/index.rst b/docs/http/index.rst new file mode 100644 index 0000000..708a390 --- /dev/null +++ b/docs/http/index.rst @@ -0,0 +1,26 @@ +HTTP +==== + +In order of preference, set these headers in: + +- project code +- ``default.conf`` file, if the project includes a `Docker image running nginx `__ +- `deploy `__ repository, if the project runs third-party code, like WordPress + +X-Content-Type-Options +---------------------- + +If not already set (like via `SECURE_CONTENT_TYPE_NOSNIFF `__ in Django), set the header to: + +.. code-block:: none + + nosniff + +Strict-Transport-Security (HSTS) +-------------------------------- + +If not already set (like via :ref:`SECURE_HSTS_SECONDS` in Django), set the header to: + +.. code-block:: none + + max-age=31536000; includeSubdomains; preload diff --git a/docs/index.rst b/docs/index.rst index 9f04693..26e9210 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -18,6 +18,7 @@ This work is licensed under a `Creative Commons Attribution 4.0 International Li javascript/index shell/index htmlcss/index + http/index docker/index services/index git/index diff --git a/docs/python/django.rst b/docs/python/django.rst index ab2c3c3..f30050a 100644 --- a/docs/python/django.rst +++ b/docs/python/django.rst @@ -148,6 +148,8 @@ In other modules, import settings from ``django.conf``, `as recommended `, for the general approach to configuration +.. _django-env: + Environment variables ~~~~~~~~~~~~~~~~~~~~~