{"id":13491280,"url":"https://github.com/sdelements/django-security","last_synced_at":"2025-04-13T02:10:08.923Z","repository":{"id":1541060,"uuid":"1855847","full_name":"sdelements/django-security","owner":"sdelements","description":"A collection of models, views, middlewares, and forms to help secure a Django project.","archived":false,"fork":false,"pushed_at":"2023-11-29T02:00:17.000Z","size":461,"stargazers_count":269,"open_issues_count":6,"forks_count":48,"subscribers_count":62,"default_branch":"master","last_synced_at":"2024-05-22T15:10:35.033Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-4-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sdelements.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security/__init__.py","support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2011-06-06T17:33:14.000Z","updated_at":"2024-06-08T00:40:27.949Z","dependencies_parsed_at":"2024-01-06T10:13:47.311Z","dependency_job_id":"13d6ffc5-1593-40b4-a6fd-4f2481c55016","html_url":"https://github.com/sdelements/django-security","commit_stats":{"total_commits":437,"total_committers":35,"mean_commits":"12.485714285714286","dds":0.597254004576659,"last_synced_commit":"ae16f982e87ba8885cc133b04e0af2dba0134b5f"},"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdelements%2Fdjango-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdelements%2Fdjango-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdelements%2Fdjango-security/releases"
,"manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sdelements%2Fdjango-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sdelements","download_url":"https://codeload.github.com/sdelements/django-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248654090,"owners_count":21140236,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T19:00:55.191Z","updated_at":"2025-04-13T02:10:08.896Z","avatar_url":"https://github.com/sdelements.png","language":"Python","funding_links":[],"categories":["Libs","Security","Python"],"sub_categories":["Other"],"readme":"# Django-Security\n\n[![Build Status](https://travis-ci.org/sdelements/django-security.svg?branch=master)](https://travis-ci.org/sdelements/django-security)\n\nThis package offers a number of models, views, middlewares and forms to facilitate security hardening of Django applications.\n\n# Full documentation\n\nAutomatically generated documentation of `django-security` is available on Read The Docs:\n\n* [Django-security documentation](http://django-security.readthedocs.org/en/master/)\n\n# Requirements\n\n* Python \u003e=3.12\n* Django  ~4.2\n\n# Installation\n\nInstall from Python packages repository:\n\n    pip install django-security\n\nIf you prefer the latest development version, install from\n[django-security](https://github.com/sdelements/django-security) repository on GitHub:\n\n    git clone https://github.com/sdelements/django-security.git\n    cd django-security\n  
  poetry install\n\nAdd the app to the Django application's `settings.py` file:\n\n    INSTALLED_APPS = (\n        ...\n        'security',\n        ...\n    )\n\nMiddleware modules can be added to the `MIDDLEWARE` list in the settings file:\n\n    MIDDLEWARE = (\n        ...\n        'security.middleware.LoginRequiredMiddleware',\n        ...\n    )\n\nUnlike the modules listed above, some other modules **require** configuration settings,\nfully described in the [django-security documentation](http://django-security.readthedocs.org/en/latest/).\nA brief description is provided below.\n\n## Middleware\n\nThe provided middleware modules modify the web application's output and input and in most cases require no\nor minimal configuration.\n\n\u003ctable\u003e\n\n\u003ctr\u003e\n\u003cth\u003eMiddleware\u003c/th\u003e\n\u003cth\u003eDescription\u003c/th\u003e\n\u003cth\u003eConfiguration\u003c/th\u003e\n\u003c/tr\u003e\n\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"http://django-security.readthedocs.org/en/latest/#security.middleware.ClearSiteDataMiddleware\"\u003eClearSiteDataMiddleware\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eSend Clear-Site-Data header in HTTP response for any page that has been whitelisted. \u003cem\u003eRecommended\u003c/em\u003e.\u003c/td\u003e\n\u003ctd\u003eRequired.\u003c/td\u003e\n\u003c/tr\u003e\n\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"http://django-security.readthedocs.org/en/latest/#security.middleware.ContentSecurityPolicyMiddleware\"\u003eContentSecurityPolicyMiddleware\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eSend Content Security Policy (CSP) header in HTTP response. 
\u003cem\u003eRecommended,\u003c/em\u003e requires careful tuning.\u003c/td\u003e\n\u003ctd\u003eRequired.\u003c/td\u003e\n\u003c/tr\u003e\n\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"http://django-security.readthedocs.org/en/latest/#security.middleware.LoginRequiredMiddleware\"\u003eLoginRequiredMiddleware\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRequires a user to be authenticated to view any page on the site that hasn't been white listed.\u003c/td\u003e\n\u003ctd\u003eRequired.\u003c/td\u003e\n\u003c/tr\u003e\n\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"http://django-security.readthedocs.org/en/latest/#security.middleware.MandatoryPasswordChangeMiddleware\"\u003eMandatoryPasswordChangeMiddleware\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eRedirects any request from an authenticated user to the password change form if that user's password has expired.\u003c/td\u003e\n\u003ctd\u003eRequired.\u003c/td\u003e\n\u003c/tr\u003e\n\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"http://django-security.readthedocs.org/en/latest/#security.middleware.NoConfidentialCachingMiddleware\"\u003eNoConfidentialCachingMiddleware\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eAdds No-Cache and No-Store headers to confidential pages.\u003c/td\u003e\n\u003ctd\u003eRequired.\u003c/td\u003e\n\u003c/tr\u003e\n\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"http://django-security.readthedocs.org/en/latest/#security.middleware.ReferrerPolicyMiddleware\"\u003eReferrerPolicyMiddleware\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eSpecify when the browser will set a `Referer` header.\u003c/td\u003e\n\u003ctd\u003eOptional.\u003c/td\u003e\n\u003c/tr\u003e\n\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"http://django-security.readthedocs.org/en/latest/#security.middleware.SessionExpiryPolicyMiddleware\"\u003eSessionExpiryPolicyMiddleware\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eExpire sessions on browser close, and on expiry times stored in the cookie 
itself.\u003c/td\u003e\n\u003ctd\u003eRequired.\u003c/td\u003e\n\u003c/tr\u003e\n\n\u003ctr\u003e\n\u003ctd\u003e\u003ca href=\"http://django-security.readthedocs.org/en/latest/#security.middleware.ProfilingMiddleware\"\u003eProfilingMiddleware\u003c/a\u003e\u003c/td\u003e\n\u003ctd\u003eA simple middleware to capture useful profiling information in Django.\u003c/td\u003e\n\u003ctd\u003eOptional.\u003c/td\u003e\n\u003c/tr\u003e\n\n\u003c/table\u003e\n\n## Views\n\n`csp_report`\n\nView that allows reception of Content Security Policy violation reports sent by browsers in response\nto the CSP header set by `ContentSecurityPolicyMiddleware`. This should be used only if long-term, continuous CSP report\nanalysis is required. For one-time CSP setup, [CspBuilder](http://cspbuilder.info/) is much simpler.\n\nThis view can be configured to either log received reports or store them in the database.\nSee [documentation](http://django-security.readthedocs.org/en/latest/#security.views.csp_report) for details.\n\n`require_ajax`\n\nA view decorator which ensures that the request being processed by the view is an AJAX request. Example usage:\n\n    @require_ajax\n    def myview(request):\n        ...\n\n## Models\n\n`CspReport`\n\nContent Security Policy violation report object. Only makes sense if `ContentSecurityPolicyMiddleware` and the `csp_report` view are used.\nWith this model, the reports can then be analysed in the Django admin site.\n\n`PasswordExpiry`\n\nAssociate a password expiry date with a user.\n\n## Logging\n\nAll `django-security` modules send important log messages to the `security` facility. 
The application should configure a handler to receive them:\n\n    LOGGING = {\n        ...\n        'loggers': {\n            'security': {\n                'handlers': ['console',],\n                'level': 'INFO',\n                'propagate': False,\n                'formatter': 'verbose',\n            },\n        },\n        ...\n    }\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsdelements%2Fdjango-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsdelements%2Fdjango-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsdelements%2Fdjango-security/lists"}