Django - Security Best Practices
You want to secure your Django site so that session and CSRF cookies are only sent over HTTPS, and all HTTP requests redirect to HTTPS. Which combination of settings achieves this securely?
You want to secure your Django site so that session and CSRF cookies are only sent over HTTPS, and all HTTP requests redirect to HTTPS. Which combination of settings achieves this securely?
hard📝 Application Q15 of 15
Step-by-Step Solution
Solution:
Step 1: Ensure HTTP requests redirect to HTTPS
SettingSECURE_SSL_REDIRECT = Trueforces all HTTP requests to HTTPS, preventing insecure access.Step 2: Secure cookies for session and CSRF
Setting bothSESSION_COOKIE_SECUREandCSRF_COOKIE_SECUREto True ensures cookies are only sent over HTTPS connections.Step 3: Evaluate other options
The other options fail to secure either redirection or cookies properly, leaving security gaps.Final Answer:
SECURE_SSL_REDIRECT = True, SESSION_COOKIE_SECURE = True, CSRF_COOKIE_SECURE = True -> Option AQuick Check:
All three settings True secures HTTPS and cookies [OK]
Quick Trick: Enable all three: redirect and secure cookies [OK]
Common Mistakes:
MISTAKES- Not enabling HTTPS redirect
- Leaving cookie secure flags False
- Assuming one setting is enough alone
Master "Security Best Practices" in Django
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore Django Quizzes