Add X-XSS-Protection and X-Content-Type-Option HTTP Header

Fabian Weisshaar 2018-12-29 20:24:41 +01:00
parent 78616cdd78
commit 5b930d07fc


@ -171,6 +171,7 @@ MIDDLEWARE = (
'django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages.middleware.MessageMiddleware',
'social_django.middleware.SocialAuthExceptionMiddleware', 'social_django.middleware.SocialAuthExceptionMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
) )
ROOT_URLCONF = 'nsupdate.urls' ROOT_URLCONF = 'nsupdate.urls'
@ -272,6 +273,8 @@ LOGIN_REDIRECT_URL = '/overview/'
LOGOUT_REDIRECT_URL = '/' LOGOUT_REDIRECT_URL = '/'
X_FRAME_OPTIONS = 'DENY' # for clickjacking middleware X_FRAME_OPTIONS = 'DENY' # for clickjacking middleware
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
CSRF_FAILURE_VIEW = 'nsupdate.main.views.csrf_failure_view' CSRF_FAILURE_VIEW = 'nsupdate.main.views.csrf_failure_view'
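Review bot: `'django.middleware.security.SecurityMiddleware',` is appended as the last entry of `MIDDLEWARE` in the first hunk, so a response returned early by the request phase of any middleware listed before it never passes through it and goes out without `X-Content-Type-Options: nosniff` and `X-XSS-Protection`. Django's documentation recommends listing SecurityMiddleware near the top of the list; making that line the first entry of the tuple puts the headers on every response, including redirects and error responses generated by other middleware. The start of the `MIDDLEWARE` tuple is outside the hunk, so the final order should be checked against the full settings file.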