Backend Settings And Environment
Backend Settings And Environment
Source of truth: backend/config/settings.py.
Environments
DJANGO_ENV controls environment behavior:
local(default): debug-friendly middleware, relaxed securityproduction: secure cookies, HSTS, stricter defaultstest: enables test behaviors and allowsTEST_DATABASE_URL
Implementation:
DJANGO_ENV,DEBUG,TEST_ENV,LOCAL_ENVare set at the top ofbackend/config/settings.py.
URLs And Cross-Subdomain Cookies
Important settings (production cross-subdomain frontend/backend):
SITE_URL: canonical frontend URLFRONTEND_URL: used for redirect URLs (Stripe returns, email links)BACKEND_URL: used for backend-generated URLs (media, etc.)CSRF_TRUSTED_ORIGINS,CORS_ALLOWED_ORIGINSSESSION_COOKIE_DOMAIN,CSRF_COOKIE_DOMAINSESSION_COOKIE_SAMESITEandCSRF_COOKIE_SAMESITE(defaults are environment-dependent)
See the production example: backend/.env.prod.example.
Middleware
Middleware order matters. The tenant middleware is applied after authentication:
apps.tenants.middleware.TenantMiddlewareapps.tenants.middleware.TenantRequiredMiddleware
Security middleware worth knowing:
apps.common.middleware.SecurityScannerBlockerMiddlewareblocks common scanner probes.
Stripe / Billing
Stripe settings live in backend/config/settings.py under # STRIPE and # BILLING / USAGE METERING.
Key env vars:
STRIPE_LIVE_MODESTRIPE_TEST_SECRET_KEY,STRIPE_TEST_PUBLIC_KEYSTRIPE_LIVE_SECRET_KEY,STRIPE_LIVE_PUBLIC_KEYDJSTRIPE_WEBHOOK_SECRET- Plan IDs:
STRIPE_STARTER_PRODUCT_ID,STRIPE_*_PRICE_ID,STRIPE_PRO_* - Usage mode:
BILLING_USAGE_MODE(defaults tointernal) - Credits mode:
BILLING_CREDITS_ENABLED
Last updated June 21, 2026