Add Referrer-Policy HTTP Header, #281

2019-03-05 11:58:46 +01:00 · 2019-03-05 11:58:46 +01:00 · 1732ace5a0
commit 1732ace5a0
parent 5b930d07fc
3 changed files with 4 additions and 0 deletions
--- a/requirements.d/all.txt
+++ b/requirements.d/all.txt
@ -3,6 +3,7 @@ dnspython
 netaddr
 django~=1.11.0
 django-bootstrap-form
+django-referrer-policy
 django-registration-redux
 django-extensions
 social-auth-app-django
--- a/setup.py
+++ b/setup.py
@ -33,6 +33,7 @@ setup(
        'netaddr',
        'django>=1.11.0',
        'django-bootstrap-form',
+        'django-referrer-policy',
        'django-registration-redux',
        'django-extensions',
        'social-auth-app-django',
--- a/src/nsupdate/settings/base.py
+++ b/src/nsupdate/settings/base.py
@ -167,6 +167,7 @@ MIDDLEWARE = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
+    'django_referrer_policy.middleware.ReferrerPolicyMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'social_django.middleware.SocialAuthExceptionMiddleware',
@ -275,6 +276,7 @@ LOGOUT_REDIRECT_URL = '/'
 X_FRAME_OPTIONS = 'DENY'  # for clickjacking middleware
 SECURE_BROWSER_XSS_FILTER = True
 SECURE_CONTENT_TYPE_NOSNIFF = True
+REFERRER_POLICY = 'same-origin'

 CSRF_FAILURE_VIEW = 'nsupdate.main.views.csrf_failure_view'