🎸 Django Beginner

What are Django settings and configuration?

Why Interviewers Ask This

This question tests conceptual clarity. Interviewers want to hear a precise, confident definition before moving to more complex Django topics. It also reveals how well you can explain technical ideas to non-experts.

Answer

Django's settings.py is the central configuration file. Key settings:

    DEBUG = False  # Never True in production
    SECRET_KEY = env("SECRET_KEY")  # From environment
    ALLOWED_HOSTS = ["yourdomain.com", "www.yourdomain.com"]
    INSTALLED_APPS = ["django.contrib.admin", "django.contrib.auth", ..., "myapp"]
    DATABASES = {
        "default": {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": env("DB_NAME"),
            "USER": env("DB_USER"),
            "PASSWORD": env("DB_PASSWORD"),
            "HOST": "localhost",
            "PORT": "5432",
        }
    }
    STATIC_URL = "/static/"
    STATIC_ROOT = BASE_DIR / "staticfiles"
    MEDIA_URL = "/media/"
    MEDIA_ROOT = BASE_DIR / "media"
    DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
    AUTH_USER_MODEL = "accounts.User"
    LOGIN_URL = "/login/"
    LOGIN_REDIRECT_URL = "/dashboard/"
    EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
    EMAIL_HOST = "smtp.sendgrid.net"

Multiple settings files: split into base.py, development.py, production.py:

    python manage.py runserver --settings=config.settings.development

or set the DJANGO_SETTINGS_MODULE env var.

Environment variables: use django-environ or python-decouple:

    import environ
    env = environ.Env()
    env.read_env()

Security settings for production:

    SECURE_SSL_REDIRECT = True
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True
    SECURE_HSTS_SECONDS = 31536000
    SECURE_CONTENT_TYPE_NOSNIFF = True
    X_FRAME_OPTIONS = "DENY"

CORS: use django-cors-headers:

    CORS_ALLOWED_ORIGINS = ["https://frontend.example.com"]
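The production values above can be checked mechanically before a deploy. The following is an added example, not code from the original answer or from Django: `audit_production_settings`, `WEAK` and `HARDENED` are hypothetical names, the sample dictionaries are constructed, and treating a missing key or a non-HTTPS CORS origin as a finding is this example's own assumption.

```python
# Added example: audit a settings mapping against the production values in the answer.
# Function name and sample dicts are constructed for illustration.
REQUIRED_TRUE = ("SECURE_SSL_REDIRECT", "SESSION_COOKIE_SECURE",
                 "CSRF_COOKIE_SECURE", "SECURE_CONTENT_TYPE_NOSNIFF")


def audit_production_settings(settings):
    """Return a list of findings; empty means all checks passed. Missing keys fail."""
    findings = []
    if settings.get("DEBUG", True) is not False:
        findings.append("DEBUG must be False")
    if not settings.get("SECRET_KEY"):
        findings.append("SECRET_KEY is empty or missing")
    hosts = settings.get("ALLOWED_HOSTS") or []
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS must list explicit hostnames")
    for name in REQUIRED_TRUE:
        if settings.get(name) is not True:
            findings.append(f"{name} must be True")
    if int(settings.get("SECURE_HSTS_SECONDS") or 0) <= 0:
        findings.append("SECURE_HSTS_SECONDS must be a positive number of seconds")
    if settings.get("X_FRAME_OPTIONS") != "DENY":
        findings.append('X_FRAME_OPTIONS expected to be "DENY"')
    for origin in settings.get("CORS_ALLOWED_ORIGINS", []):
        if not origin.startswith("https://"):
            findings.append(f"CORS origin is not HTTPS: {origin}")
    return findings


# Constructed sample: a development-style configuration that should not ship.
WEAK = {"DEBUG": True, "SECRET_KEY": "", "ALLOWED_HOSTS": ["*"],
        "CORS_ALLOWED_ORIGINS": ["http://frontend.example.com"]}

# Constructed sample: the production values listed in the answer.
HARDENED = {
    "DEBUG": False, "SECRET_KEY": "placeholder-loaded-from-environment",
    "ALLOWED_HOSTS": ["yourdomain.com", "www.yourdomain.com"],
    "SECURE_SSL_REDIRECT": True, "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True, "SECURE_HSTS_SECONDS": 31536000,
    "SECURE_CONTENT_TYPE_NOSNIFF": True, "X_FRAME_OPTIONS": "DENY",
    "CORS_ALLOWED_ORIGINS": ["https://frontend.example.com"],
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_production_settings(cfg))
```

Django ships its own deployment checks, run with `python manage.py check --deploy` against the active settings module.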

Pro Tip

This topic has Django-specific nuances that differ from general programming. Highlighting those nuances in your answer shows expertise rather than generic knowledge.