On Wed, Apr 3, 2019 at 11:39 AM James Bennett <[email protected]> wrote:
> On Wed, Apr 3, 2019 at 2:34 AM Carlton Gibson <[email protected]> > wrote: > >> Yes, super thanks. Breaking login in development would qualify as a good >> *Why* yes. 🙂 >> >> I'll assume we're NOT going to do this, but anyone with input, please do >> comment. >> > > Historically I've done something along the lines of > > CSRF_COOKIE_SECURE = not DEBUG > SESSION_COOKIE_SECURE = not DEBUG > > That guarantees I never go to production without the cookies set to > secure, but also avoids breaking local dev. I do similar things with other > SSL-related settings. > > I'm not sure how well it generalizes to other people's use cases, though. > I do this too, but not using "not DEBUG" but SECURE_SSL_REDIRECT (or the related setting for django-canonical-domain). It might be a good idea to add something like this to the project template? -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CANvPqgCES-_-%3D8V%2BuAxecqC-Xd2sUaqeDRiSeX%2Byz0OXrfZRUQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
