1. Update nginx_docklet.conf to forbid double-slash URLs.
2. Add a header in nginx to defend against clickjacking.
3. Add CsrfProtect.
4. Forbid methods except for GET and POST in nginx.
5. Change srcurl from http to ://
6. Add a message on the login page when login fails.
7. Add LoginFailMsg to the model and ban the user if he inputs the wrong password many times.