From 1732ace5a055fd77b01226165b79783026edc142 Mon Sep 17 00:00:00 2001
From: Fabian Weisshaar
Date: Tue, 5 Mar 2019 11:58:46 +0100
Subject: [PATCH] Add Referrer-Policy HTTP Header, #281
---
 requirements.d/all.txt | 1 +
 setup.py | 1 +
 src/nsupdate/settings/base.py | 2 ++
 3 files changed, 4 insertions(+)
diff --git a/requirements.d/all.txt b/requirements.d/all.txt
index 21ba795..86afe67 100644
--- a/requirements.d/all.txt
+++ b/requirements.d/all.txt
@@ -3,6 +3,7 @@ dnspython
 netaddr
 django~=1.11.0
 django-bootstrap-form
+django-referrer-policy
 django-registration-redux
 django-extensions
 social-auth-app-django
diff --git a/setup.py b/setup.py
index 73e98ec..9171705 100644
--- a/setup.py
+++ b/setup.py
@@ -33,6 +33,7 @@ setup(
 'netaddr',
 'django>=1.11.0',
 'django-bootstrap-form',
+ 'django-referrer-policy',
 'django-registration-redux',
 'django-extensions',
 'social-auth-app-django',
diff --git a/src/nsupdate/settings/base.py b/src/nsupdate/settings/base.py
index 4565c71..e8722a4 100644
--- a/src/nsupdate/settings/base.py
+++ b/src/nsupdate/settings/base.py
@@ -167,6 +167,7 @@ MIDDLEWARE = (
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.locale.LocaleMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django_referrer_policy.middleware.ReferrerPolicyMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'social_django.middleware.SocialAuthExceptionMiddleware',
@@ -275,6 +276,7 @@ LOGOUT_REDIRECT_URL = '/'
 X_FRAME_OPTIONS = 'DENY' # for clickjacking middleware
 SECURE_BROWSER_XSS_FILTER = True
 SECURE_CONTENT_TYPE_NOSNIFF = True
+REFERRER_POLICY = 'same-origin'
 CSRF_FAILURE_VIEW = 'nsupdate.main.views.csrf_failure_view'
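Review bot: The new `django-referrer-policy` entry in requirements.d/all.txt has no version bound, and the same holds for the `install_requires` entry added in the setup.py hunk, although the package's middleware runs on every response once the settings hunk enables it. A compatible-release bound in the style of the `django~=1.11.0` line above it, e.g. `django-referrer-policy~=<TESTED_VERSION>` (placeholder for the release that was actually tested), would make upgrades of this security-relevant dependency a deliberate step. The neighbouring entries are unpinned too, so this tightens the list rather than correcting a deviation introduced here.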
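Review bot: In src/nsupdate/settings/base.py, `ReferrerPolicyMiddleware` is inserted after `CsrfViewMiddleware`, in the middle of `MIDDLEWARE`. Any response that a middleware listed before it returns without calling further down the chain (a redirect, for instance) would presumably leave without the `Referrer-Policy` header. Moving the entry to the top of the tuple, next to the other header-setting middleware, would cover those responses as well. The tuple starts and ends outside this hunk, so the entries above `SessionMiddleware` are not visible here and the exact position should be checked against the full list.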
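Review bot: The new `REFERRER_POLICY = 'same-origin'` line in src/nsupdate/settings/base.py has no comment, unlike `X_FRAME_OPTIONS` three lines above it, and the chosen value matters for more than privacy. Django's CSRF check on HTTPS requests relies on the `Referer` header, which `same-origin` still sends on same-site requests while a stricter value such as `no-referrer` would suppress it. I would add `# for django-referrer-policy middleware; do not tighten to 'no-referrer', the HTTPS CSRF check needs a same-origin Referer` so that a later hardening pass does not break form posts.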