Cookiecutter如何与django rest framework结合,开发前后端分离的项目?
来源:4-3 cookiecutter-django火速搭建项目
winfred_wu
2019-04-29
请问老师,问题1:Cookiecutter如何与django rest framework结合,开发前后端分离的项目?
问题2:编写网站时,如何保证网站的安全性?
谢谢!
1回答
-
Jack
2019-04-29
cookiecutter也可以搭建前后端分离的项目(用cookiecutter-django-rest),保证安全这问题就广泛了,常见的xss,csrf,防sql注入框架都搞定了,django settings.py里面有很多安全配置相关的选项,比如,视频里会慢慢讲到
# SECURITY
# ------------------------------------------------------------------------------
# https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-httponly
SESSION_COOKIE_HTTPONLY = True
# https://docs.djangoproject.com/en/dev/ref/settings/#csrf-cookie-httponly
CSRF_COOKIE_HTTPONLY = False # 默认为False, 如果设置为True, JS将不能获取到CSRF cookie
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-browser-xss-filter
SECURE_BROWSER_XSS_FILTER = True
# https://docs.djangoproject.com/en/dev/ref/settings/#x-frame-options
X_FRAME_OPTIONS = 'DENY'部署的时候用https。
10
相似问题