Hard · Application · Q8 of 15
Django - Security Best Practices
You want to ensure your Django app's cookies are secure and also prevent clickjacking attacks. Which combination of settings achieves this?
A. SESSION_COOKIE_SECURE = False, SECURE_SSL_REDIRECT = False
B. SESSION_COOKIE_SECURE = True, X_FRAME_OPTIONS = 'DENY'
C. CSRF_COOKIE_SECURE = False, X_FRAME_OPTIONS = 'ALLOWALL'
D. CSRF_COOKIE_SECURE = True, SECURE_HSTS_SECONDS = 0
Step-by-Step Solution
  1. Step 1: Secure cookies with HTTPS only

    SESSION_COOKIE_SECURE = True marks the session cookie as Secure, so browsers send it only over HTTPS.
  2. Step 2: Prevent clickjacking with X_FRAME_OPTIONS

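    X_FRAME_OPTIONS = 'DENY' makes Django's XFrameOptionsMiddleware send the X-Frame-Options: DENY response header, so browsers refuse to render the site in a frame, protecting against clickjacking.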
  3. Final Answer:

    SESSION_COOKIE_SECURE = True, X_FRAME_OPTIONS = 'DENY' -> Option B
  4. Quick Check:

    Secure cookies + frame denial = better security [OK]
Quick Trick: Combine secure cookies with frame options for safety [OK]
Common Mistakes:
  • Allowing framing with ALLOWALL
  • Disabling secure cookie flags
  • Ignoring the importance of HTTPS redirection
