django安全崩潰我的網站

Question

我有興趣在我的整個python django項目施加https。我發現this解決方案，它看起來很有前途。但是我做了這些改變對我的settings.py相當於

SECURE_SSL_REDIRECT = True 
SECURE_HSTS_SECONDS = 60 
SECURE_HSTS_INCLUDE_SUBDOMAINS = True 
SECURE_FRAME_DENY = True 
SECURE_CONTENT_TYPE_NOSNIFF = True 
SECURE_BROWSER_XSS_FILTER = True 
SESSION_COOKIE_SECURE = True 
SESSION_COOKIE_HTTPONLY = True 

和

MIDDLEWARE_CLASSES = (
# This middleware is for ensuring that all pages use https 
'djangosecure.middleware.SecurityMiddleware', 
... 

和

INSTALLED_APPS = (
# for https 
'djangosecure', 
... 

當我運行python manage.py checksecure，我得到的消息是All clear!，當我部署到谷歌應用程序引擎，我得到這個錯誤：

File "/base/data/home/runtimes/python27/python27_lib/versions/third_party/django- 1.5/django/core/handlers/base.py", line 51, in load_middleware 
raise exceptions.ImproperlyConfigured('Error importing middleware %s: "%s"' % (mw_module, e)) 
ImproperlyConfigured: Error importing middleware django-secure- 1.0.1.djangosecure.middleware: "No module named django-secure- 1.0.1.djangosecure.middleware" 

我在做什麼錯？

Answer 1

在Google App引擎環境中沒有安裝名爲'django-secure'的模塊。您需要在Google App引擎中將該模塊提供給您的應用程序。

Here is a question and answer which gives instructions on how to do this。