Commit 5098422

Fixes #15644 - Add the ability to configure HSTS in NetBox (#15683)
* Added SECURE_HSTS_SECONDS, SECURE_HSTS_INCLUDE_SUBDOMAINS, and SECURE_HSTS_PRELOAD to settings.py
* Addressed some PR comments.
* Apply suggestions from code review

---------

Co-authored-by: Jeremy Stretch <[email protected]>
1 parent d7922a6 commit 5098422

2 files changed

+27
-0
lines changed

docs/configuration/security.md

Lines changed: 24 additions & 0 deletions
@@ -183,6 +183,30 @@ The view name or URL to which a user is redirected after logging out.
183183

184184
---
185185

186+
## SECURE_HSTS_INCLUDE_SUBDOMAINS
187+
188+
Default: False
189+
190+
If true, the `includeSubDomains` directive will be included in the HTTP Strict Transport Security (HSTS) header. This directive instructs the browser to apply the HSTS policy to all subdomains of the current domain.
191+
192+
---
193+
194+
## SECURE_HSTS_PRELOAD
195+
196+
Default: False
197+
198+
If true, the `preload` directive will be included in the HTTP Strict Transport Security (HSTS) header. This directive instructs the browser to preload the site in HTTPS. Browsers that use the HSTS preload list will force the site to be accessed via HTTPS even if the user types HTTP in the address bar.
199+
200+
---
201+
202+
## SECURE_HSTS_SECONDS
203+
204+
Default: 0
205+
206+
If set to a non-zero integer value, the SecurityMiddleware sets the HTTP Strict Transport Security (HSTS) header on all responses that do not already have it. This will instruct the browser that the website must be accessed via HTTPS, blocking any HTTP request.
207+
208+
---
209+
186210
## SECURE_SSL_REDIRECT
187211

188212
Default: False
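
Review bot: The SECURE_HSTS_INCLUDE_SUBDOMAINS and SECURE_HSTS_PRELOAD sections do not mention that they depend on SECURE_HSTS_SECONDS, which is documented just below them with a default of 0. Django's SecurityMiddleware only emits the header when that value is non-zero, so enabling either boolean on its own changes nothing. Suggest adding a sentence to both sections along the lines of "Has no effect unless `SECURE_HSTS_SECONDS` is set to a non-zero value." Two wording points in the same hunk: the `preload` text says the directive "instructs the browser to preload the site in HTTPS", but the directive only signals that the site may be submitted to the browser preload list; and the SECURE_HSTS_SECONDS text should state that the integer is the policy lifetime in seconds and that browsers will keep refusing plain HTTP for that long, so a small value is the sensible first setting.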

netbox/netbox/settings.py

Lines changed: 3 additions & 0 deletions
@@ -160,6 +160,9 @@
160160
RQ_RETRY_MAX = getattr(configuration, 'RQ_RETRY_MAX', 0)
161161
SCRIPTS_ROOT = getattr(configuration, 'SCRIPTS_ROOT', os.path.join(BASE_DIR, 'scripts')).rstrip('/')
162162
SEARCH_BACKEND = getattr(configuration, 'SEARCH_BACKEND', 'netbox.search.backends.CachedValueSearchBackend')
163+
SECURE_HSTS_INCLUDE_SUBDOMAINS = getattr(configuration, 'SECURE_HSTS_INCLUDE_SUBDOMAINS', False)
164+
SECURE_HSTS_PRELOAD = getattr(configuration, 'SECURE_HSTS_PRELOAD', False)
165+
SECURE_HSTS_SECONDS = getattr(configuration, 'SECURE_HSTS_SECONDS', 0)
163166
SECURE_SSL_REDIRECT = getattr(configuration, 'SECURE_SSL_REDIRECT', False)
164167
SENTRY_DSN = getattr(configuration, 'SENTRY_DSN', None)
165168
SENTRY_ENABLED = getattr(configuration, 'SENTRY_ENABLED', False)
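
Review bot: The three added `getattr` lines pass whatever is in the configuration straight through with no type or range check, so a string or a negative number for `SECURE_HSTS_SECONDS` would reach the middleware as-is. Suggest validating after these lines that `SECURE_HSTS_SECONDS` is a non-negative integer and failing at startup with a clear configuration error otherwise. It would also help to flag the case where `SECURE_HSTS_INCLUDE_SUBDOMAINS` or `SECURE_HSTS_PRELOAD` is True while `SECURE_HSTS_SECONDS` is still at its default of 0, since that combination sends no header and is easy to mistake for a working policy.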
