Add X-XSS-Protection and X-Content-Type-Option HTTP Header

2018-12-29 20:24:41 +01:00 · 2018-12-29 20:24:41 +01:00 · 5b930d07fc
commit 5b930d07fc
parent 78616cdd78
1 changed files with 3 additions and 0 deletions
--- a/src/nsupdate/settings/base.py
+++ b/src/nsupdate/settings/base.py
@ -171,6 +171,7 @@ MIDDLEWARE = (
    'django.contrib.messages.middleware.MessageMiddleware',
    'social_django.middleware.SocialAuthExceptionMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'django.middleware.security.SecurityMiddleware',
 )

 ROOT_URLCONF = 'nsupdate.urls'
@ -272,6 +273,8 @@ LOGIN_REDIRECT_URL = '/overview/'
 LOGOUT_REDIRECT_URL = '/'

 X_FRAME_OPTIONS = 'DENY'  # for clickjacking middleware
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_CONTENT_TYPE_NOSNIFF = True

 CSRF_FAILURE_VIEW = 'nsupdate.main.views.csrf_failure_view'