Backend Settings And Environment

Backend Settings And Environment

Source of truth: backend/config/settings.py.

Environments

DJANGO_ENV controls environment behavior:

  • local (default): debug-friendly middleware, relaxed security
  • production: secure cookies, HSTS, stricter defaults
  • test: enables test behaviors and allows TEST_DATABASE_URL

Implementation:

  • DJANGO_ENV, DEBUG, TEST_ENV, LOCAL_ENV are set at the top of backend/config/settings.py.

URLs And Cross-Subdomain Cookies

Important settings (production cross-subdomain frontend/backend):

  • SITE_URL: canonical frontend URL
  • FRONTEND_URL: used for redirect URLs (Stripe returns, email links)
  • BACKEND_URL: used for backend-generated URLs (media, etc.)
  • CSRF_TRUSTED_ORIGINS, CORS_ALLOWED_ORIGINS
  • SESSION_COOKIE_DOMAIN, CSRF_COOKIE_DOMAIN
  • SESSION_COOKIE_SAMESITE and CSRF_COOKIE_SAMESITE (defaults are environment-dependent)

See the production example: backend/.env.prod.example.

Middleware

Middleware order matters. The tenant middleware is applied after authentication:

  • apps.tenants.middleware.TenantMiddleware
  • apps.tenants.middleware.TenantRequiredMiddleware

Security middleware worth knowing:

  • apps.common.middleware.SecurityScannerBlockerMiddleware blocks common scanner probes.

Stripe / Billing

Stripe settings live in backend/config/settings.py under # STRIPE and # BILLING / USAGE METERING.

Key env vars:

  • STRIPE_LIVE_MODE
  • STRIPE_TEST_SECRET_KEY, STRIPE_TEST_PUBLIC_KEY
  • STRIPE_LIVE_SECRET_KEY, STRIPE_LIVE_PUBLIC_KEY
  • DJSTRIPE_WEBHOOK_SECRET
  • Plan IDs: STRIPE_STARTER_PRODUCT_ID, STRIPE_*_PRICE_ID, STRIPE_PRO_*
  • Usage mode: BILLING_USAGE_MODE (defaults to internal)
  • Credits mode: BILLING_CREDITS_ENABLED

Last updated June 21, 2026