
Settings & Production Configuration
Settings split (base/dev/prod), secrets management, ALLOWED_HOSTS, CSRF_TRUSTED_ORIGINS, SECURE_* settings, .env/vault, storage configuration
1. What is the recommended structure for organizing Django settings files in production?
Answer
The recommended structure involves creating a settings package with a base.py file containing common configurations, then separate dev.py, staging.py and prod.py files that import and extend base.py. This approach allows sharing common configuration while customizing specific environments, making maintenance easier and reducing code duplication.
2. How to specify which settings file to use when starting a Django project?
Answer
The DJANGO_SETTINGS_MODULE environment variable specifies the Python path to the settings module to use. For example, DJANGO_SETTINGS_MODULE=myproject.settings.prod tells Django to use the prod.py file from the settings package. This variable can be set in the shell, server configuration files or deployment scripts.
3. What is the purpose of the ALLOWED_HOSTS setting in Django?
Answer
ALLOWED_HOSTS is a list of host/domain names that the Django application is allowed to serve. This security mechanism protects against HTTP Host header attacks by validating the Host header of each request. In production with DEBUG=False, this setting is mandatory and must contain the legitimate domains of the application to avoid 400 Bad Request errors.
What ALLOWED_HOSTS value accepts any host, and why is it dangerous in production?
What is the purpose of the CSRF_TRUSTED_ORIGINS setting introduced in Django 4.0?