Use secure cookies

photo21/settings.py

@@ -23,7 +23,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'CHANGE_ME'
+SECRET_KEY = ''
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
@@ -36,15 +36,13 @@ ALLOWED_HOSTS = [
 ]
 
 # Admins receive server errors, this is useful to be notified of potential bugs
+# By default MANAGERS=ADMINS, so admins also receive upload notifications
 ADMINS = [
     ('admin', 'photos-admin@lists.crans.org'),
 ]
 
-# Managers receive notifications about new photos upload
+# Use secure cookies in production
-MANAGERS = [
+SESSION_COOKIE_SECURE = not DEBUG
-    ('moderation', 'photos-admin@lists.crans.org'),
-]
-
 
 # Application definition
 
@@ -144,14 +142,8 @@ PASSWORD_HASHERS = [
 # Internationalization
 # https://docs.djangoproject.com/en/2.2/topics/i18n/
 
-LANGUAGE_CODE = 'en-us'
-
 TIME_ZONE = 'UTC'
 
-USE_I18N = True
-
-USE_L10N = True
-
 USE_TZ = True
 
 # Limit available languages to this subset
@@ -185,16 +177,10 @@ LOCALE_PATHS = [os.path.join(BASE_DIR, 'photo21/locale')]
 
 FIXTURE_DIRS = [os.path.join(BASE_DIR, 'photo21/fixtures')]
 
-# Email settings
+# Do not send email during debug
+# By default Django sends mails to localhost:25 without authentification
 if DEBUG:
     EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
-else:
-    EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
-EMAIL_USE_SSL = os.getenv('EMAIL_USE_SSL', False)
-EMAIL_HOST = os.getenv('EMAIL_HOST', 'localhost')
-EMAIL_PORT = os.getenv('EMAIL_PORT', 25)
-EMAIL_HOST_USER = os.getenv('EMAIL_USER', None)
-EMAIL_HOST_PASSWORD = os.getenv('EMAIL_PASSWORD', None)
 
 # Mail will be sent from this address
 SERVER_EMAIL = "photos@crans.org"