🔧 Split Settings into Development and Production Environments and updating the requirements

.env.example

@@ -1,8 +1,8 @@
 SECRET_KEY=my_secret_key
 DEBUG=True
 
-# ALLOWED_HOSTS=yourdomain.com,anotherdomain.com (Each host is separated by a comma)
-ALLOWED_HOSTS=*
+CODESPACE_NAME=yourcodespacename
+GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN=preview.app.github.dev
 
 DB_HOST=127.0.0.1
 DB_PORT=3306

hello_world/settings/__init__.py

@@ -0,0 +1,8 @@
+import os
+
+settings_module = os.getenv('DJANGO_SETTINGS_MODULE')
+
+if settings_module == 'hello_world.settings.production':
+    from .production import *
+elif settings_module == 'hello_world.settings.development':
+    from .development import *

hello_world/settings/base.py

@@ -0,0 +1,78 @@
+"""
+Base Django settings for hello_world project (shared across all environments).
+"""
+
+import os
+from pathlib import Path
+from decouple import config
+
+BASE_DIR = Path(__file__).resolve().parent.parent
+
+SECRET_KEY = config("SECRET_KEY", default="your-secret-key")
+
+# Can be overridden in dev/prod settings
+ALLOWED_HOSTS = config("ALLOWED_HOSTS", default="").split(",")
+
+INSTALLED_APPS = [
+    "django.contrib.admin",
+    "django.contrib.auth",
+    "django.contrib.contenttypes",
+    "django.contrib.sessions",
+    "django.contrib.messages",
+    "django.contrib.staticfiles",
+    "django_browser_reload",
+]
+
+MIDDLEWARE = [
+    "django.middleware.security.SecurityMiddleware",
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.middleware.common.CommonMiddleware",
+    "django.middleware.csrf.CsrfViewMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "django_browser_reload.middleware.BrowserReloadMiddleware",
+]
+
+X_FRAME_OPTIONS = "ALLOW-FROM preview.app.github.dev"
+
+ROOT_URLCONF = "hello_world.urls"
+
+TEMPLATES = [
+    {
+        "BACKEND": "django.template.backends.django.DjangoTemplates",
+        "DIRS": [BASE_DIR / "templates"],
+        "APP_DIRS": True,
+        "OPTIONS": {
+            "context_processors": [
+                "django.template.context_processors.debug",
+                "django.template.context_processors.request",
+                "django.contrib.auth.context_processors.auth",
+                "django.contrib.messages.context_processors.messages",
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = "hello_world.wsgi.application"
+
+AUTH_PASSWORD_VALIDATORS = [
+    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
+    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
+    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
+    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
+]
+
+LANGUAGE_CODE = "en-us"
+TIME_ZONE = "UTC"
+USE_I18N = True
+USE_TZ = True
+
+STATICFILES_DIRS = [BASE_DIR / "static"]
+STATIC_URL = "static/"
+STATIC_ROOT = BASE_DIR / "staticfiles"
+
+MEDIA_URL = "media/"
+MEDIA_ROOT = BASE_DIR / "media"
+
+DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"

hello_world/settings/development.py

@@ -0,0 +1,30 @@
+from .base import *
+import os
+
+DEBUG = True
+
+ALLOWED_HOSTS = ["localhost", "127.0.0.1"]
+CSRF_TRUSTED_ORIGINS = ["http://localhost:8000", "http://127.0.0.1"]
+
+# Support for GitHub Codespaces
+if 'CODESPACE_NAME' in os.environ:
+    from decouple import config
+    codespace_name = config("CODESPACE_NAME")
+    domain = config("GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN")
+    codespace_host = f"{codespace_name}-8000.{domain}"
+    ALLOWED_HOSTS.append(codespace_host)
+    CSRF_TRUSTED_ORIGINS.append(f"https://{codespace_host}")
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.sqlite3",
+        "NAME": BASE_DIR / "db.sqlite3",
+        "OPTIONS": {
+            "timeout": 20,
+        },
+    }
+}
+
+SECURE_SSL_REDIRECT = False
+SESSION_COOKIE_SECURE = False
+CSRF_COOKIE_SECURE = False

hello_world/settings/production.py

@@ -0,0 +1,29 @@
+from .base import *
+from decouple import config
+
+DEBUG = False
+
+ALLOWED_HOSTS = config("ALLOWED_HOSTS", default="yourdomain.com").split(",")
+CSRF_TRUSTED_ORIGINS = config("CSRF_TRUSTED_ORIGINS", default="https://yourdomain.com").split(",")
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.postgresql",
+        "NAME": config("DB_NAME"),
+        "USER": config("DB_USER"),
+        "PASSWORD": config("DB_PASSWORD"),
+        "HOST": config("DB_HOST", default="localhost"),
+        "PORT": config("DB_PORT", default="5432"),
+    }
+}
+
+SECURE_SSL_REDIRECT = True
+SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_REFERRER_POLICY = "strict-origin-when-cross-origin"
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True

manage.py

@@ -6,7 +6,11 @@
 
 def main():
     """Run administrative tasks."""
-    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "hello_world.settings")
+    from hello_world.settings import development as settings
+    if settings.DEBUG:
+        os.environ.setdefault("DJANGO_SETTINGS_MODULE", "hello_world.settings.development")
+    else:
+        os.environ.setdefault("DJANGO_SETTINGS_MODULE", "hello_world.settings.production")
     try:
         from django.core.management import execute_from_command_line
     except ImportError as exc:

requirements.txt

@@ -1,5 +1,5 @@
 asgiref~=3.8.1
-Django~=5.0.8
-django-browser-reload~=1.13.0
+Django~=5.2
+django-browser-reload~=1.18.0
 python-decouple~=3.8
-sqlparse~=0.5.1
+sqlparse~=0.5.3