Your website is vulnerable to a number of common attacks because django.middleware.security.SecurityMiddleware is missing from the MIDDLEWARE setting
Django's SecurityMiddleware performs a suite of security checks and enhancements on every request and response. If this middleware is not included, the following security features are not enabled:
Sending the X-XSS-Protection: 1; mode=block response header (when SECURE_BROWSER_XSS_FILTER is True) to enable the browser's built-in XSS filter. This feature was present in Internet Explorer, Chrome and Safari, but Chrome and Edge have since removed their XSS auditors, so the header offers little practical benefit today and is no substitute for output escaping and a Content Security Policy.
Redirecting all non-HTTPS requests to HTTPS when SECURE_SSL_REDIRECT is set to True. Behind a TLS-terminating proxy or load balancer, also set SECURE_PROXY_SSL_HEADER so Django can tell the original request was HTTPS; otherwise every request is redirected in a loop.
So in practice, do this
```python
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    ...
]
```
Instead of this
```python
MIDDLEWARE = [
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    ...
]
```
Django Doctor runs this check by default. No configuration is needed, but the check can be turned on or off using the check code
missing-security-middleware in your pyproject.toml file.
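The same check can be reproduced locally as a static scan of settings.py, for example as a pre-commit or CI step. The script below is an added example written for this page, not Django Doctor's own implementation and not part of Django. It parses the settings file with the standard-library ast module rather than importing it, so it needs no Django install and cannot trigger side effects in the settings module. It reports the missing-middleware case, and additionally warns when SecurityMiddleware is present but not first, since Django's middleware-ordering guidance is to keep it near the top so the SECURE_SSL_REDIRECT redirect happens before other middleware runs. The four sample settings modules are constructed for the demonstration.

```python
"""Static check that django.middleware.security.SecurityMiddleware is enabled.

Added example for this page; it is not Django Doctor's code and not part of
Django. It inspects the literal MIDDLEWARE list/tuple in a settings module's
source text using ``ast`` and never imports the module.
"""
import ast

SECURITY_MIDDLEWARE = "django.middleware.security.SecurityMiddleware"


def _middleware_entries(tree):
    """Return (entries, exact) for the last top-level ``MIDDLEWARE = ...``.

    ``entries`` is the list of string literals in the assigned list/tuple, or
    None when MIDDLEWARE is absent or not a literal (e.g. ``BASE + [...]``).
    ``exact`` is False when the literal held non-string elements, meaning the
    result may be incomplete. Augmented assignments (``MIDDLEWARE += ...``)
    are deliberately not followed; they are reported as non-literal instead.
    """
    entries, exact = None, True
    for node in tree.body:
        if not isinstance(node, ast.Assign):
            continue
        if not any(isinstance(t, ast.Name) and t.id == "MIDDLEWARE" for t in node.targets):
            continue
        value = node.value
        if isinstance(value, (ast.List, ast.Tuple)):
            entries, exact = [], True
            for elt in value.elts:
                if isinstance(elt, ast.Constant) and isinstance(elt.value, str):
                    entries.append(elt.value)
                else:
                    exact = False  # a variable, call or ``...`` placeholder
        else:
            entries, exact = None, False
    return entries, exact


def check_settings(source):
    """Return a list of findings for a settings module's source; [] means OK."""
    tree = ast.parse(source)
    entries, exact = _middleware_entries(tree)
    findings = []
    if entries is None:
        findings.append(
            "MIDDLEWARE is missing or not a literal list/tuple; cannot verify "
            + SECURITY_MIDDLEWARE
        )
        return findings
    if not exact:
        findings.append("MIDDLEWARE contains non-literal entries; result may be incomplete")
    if SECURITY_MIDDLEWARE not in entries:
        findings.append(
            "missing-security-middleware: " + SECURITY_MIDDLEWARE + " is not in MIDDLEWARE"
        )
    elif entries[0] != SECURITY_MIDDLEWARE:
        findings.append(
            "SecurityMiddleware is not first in MIDDLEWARE; Django recommends keeping it "
            "near the top so the SECURE_SSL_REDIRECT redirect runs before other middleware"
        )
    return findings


# Constructed sample settings modules (not real project files).
GOOD_SETTINGS = """
DEBUG = False
SECURE_SSL_REDIRECT = True
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
]
"""

BAD_SETTINGS = """
MIDDLEWARE = [
    "django.middleware.common.CommonMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
]
"""

LATE_SETTINGS = """
MIDDLEWARE = (
    "django.middleware.common.CommonMiddleware",
    "django.middleware.security.SecurityMiddleware",
)
"""

DYNAMIC_SETTINGS = """
BASE_MIDDLEWARE = ["django.middleware.common.CommonMiddleware"]
MIDDLEWARE = BASE_MIDDLEWARE + ["django.middleware.security.SecurityMiddleware"]
"""

if __name__ == "__main__":
    for name, src in [("good", GOOD_SETTINGS), ("bad", BAD_SETTINGS),
                      ("late", LATE_SETTINGS), ("dynamic", DYNAMIC_SETTINGS)]:
        print(name, "->", check_settings(src) or "OK")
```

To scan a real project, read settings.py into a string and pass it to check_settings; a non-empty result should fail the CI job. A MIDDLEWARE built dynamically is reported rather than guessed at, because a static check that silently passes on code it cannot evaluate is worse than one that asks for manual review.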