Django web security checklist before deployment

You already know web security is important to keeping hackers and cyber-thieves from accessing sensitive information. So, in this post, we are going to check Django security vulnerabilities and how to fix them.

Full Post: [](

4 thoughts on “Django web security checklist before deployment”

  1. CSP is great, but that csp section is painful. i see no reason to use a library to set the headers. middle ware is simple to write, and those tuples of string wrapped strings are an eye sore. more importantly, at the very least the script src should be restricted to the static url. it will prevent anyone from trying to sneakily upload js to the media url

    edit: a more specific criticism of the csp package is that it’s almost a pure leaky abstraction. it requires the developer to know almost exactly how the CSP header is formed but with more overhead. the only arguable benefit is that it could be grouped with other header settings. the counter argument would be that middle ware is just as clean and conventional


Leave a Comment