Django - Security Best Practices
You want to ensure your Django site uses HTTPS and prevents clickjacking attacks. Which combination of settings should you configure?
You want to ensure your Django site uses HTTPS and prevents clickjacking attacks. Which combination of settings should you configure?
hard📝 Application Q15 of 15
Step-by-Step Solution
Solution:
Step 1: Enable HTTPS redirection
Setting SECURE_SSL_REDIRECT = true forces all HTTP requests to HTTPS, securing data in transit.Step 2: Prevent clickjacking
Adding 'django.middleware.clickjacking.XFrameOptionsMiddleware' sets headers to stop the site from being framed by others.Final Answer:
Set SECURE_SSL_REDIRECT = true and add 'django.middleware.clickjacking.XFrameOptionsMiddleware' to MIDDLEWARE. -> Option DQuick Check:
HTTPS redirect + clickjacking middleware = secure site [OK]
Quick Trick: Use SSL redirect and clickjacking middleware for HTTPS and framing [OK]
Common Mistakes:
MISTAKES- Enabling DEBUG on live for security
- Allowing all hosts without restrictions
- Disabling CSRF protection mistakenly
Master "Security Best Practices" in Django
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore Django Quizzes