Critiq Docs

security.misconfiguration

Avoid unsafe Django production settings

Production Django settings should disable debug mode, restrict hosts, protect secrets, and enable HTTPS-aligned cookie flags.

# Metadata

| Field | Value |
| --- | --- |
| Rule ID | `py.security.django-unsafe-production-settings` |
| Severity | high |
| Confidence | 0.88 |
| Languages | python |
| Presets | security, strict |
| Stability | stable |
| Applies to | block |
| Tags | configuration, django, python, rules-catalog, security |

# Why it matters

Misconfigured Django defaults expose debug traces, enable host header attacks, leak secrets, and weaken cookie transport protections.

# Remediation

Align settings with your deployment checklist: set `DEBUG = False`, pin `ALLOWED_HOSTS` to the hostnames you actually serve, load `SECRET_KEY` and other secrets from the environment rather than the source tree, and enable the secure-cookie and HTTPS flags (`SESSION_COOKIE_SECURE`, `CSRF_COOKIE_SECURE`, `SECURE_SSL_REDIRECT`).
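As an added example (not the rule's own or Critiq's code), the unsafe shape this rule flags beside its hardened counterpart, plus a small audit that reports each of the settings named above; the `DJANGO_*` environment variable names are assumptions for this example.

```python
import os

# Constructed example: a dict stands in for a settings module.
# This is the unsafe shape the rule flags.
UNSAFE_SETTINGS = {
    "DEBUG": True,
    "ALLOWED_HOSTS": ["*"],
    "SECRET_KEY": "django-insecure-example-placeholder",  # constructed value
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "SECURE_SSL_REDIRECT": False,
}

HTTPS_FLAGS = ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE", "SECURE_SSL_REDIRECT")


def hardened_settings(env=None):
    """Production shape: hosts and the secret come from the environment
    (variable names are assumptions), cookie and HTTPS flags are on.
    A missing variable raises KeyError, so a bad deploy fails closed."""
    env = os.environ if env is None else env
    hosts = [h.strip() for h in env["DJANGO_ALLOWED_HOSTS"].split(",") if h.strip()]
    settings = {
        "DEBUG": False,
        "ALLOWED_HOSTS": hosts,
        "SECRET_KEY": env["DJANGO_SECRET_KEY"],
    }
    settings.update({flag: True for flag in HTTPS_FLAGS})
    return settings


def audit_settings(settings):
    """Return the misconfigurations this rule describes, in a fixed order."""
    findings = []
    if settings.get("DEBUG", False):
        findings.append("DEBUG enabled")
    hosts = settings.get("ALLOWED_HOSTS") or []
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS empty or wildcard")
    key = settings.get("SECRET_KEY") or ""
    # "django-insecure-" is the prefix startproject puts on generated keys
    if not key or key.startswith("django-insecure-"):
        findings.append("SECRET_KEY missing or startproject placeholder")
    findings.extend(f"{flag} disabled" for flag in HTTPS_FLAGS
                    if not settings.get(flag, False))
    return findings
```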

# Repository path

The generated metadata points to `critiq-rules/libs/rules/catalog/rules/python/py.security.django-unsafe-production-settings.rule.yaml`.