Merge pull request #410 from elnappo/secure-http

Add some security HTTP Headers
TW 2019-12-27 16:58:01 +01:00 committed by GitHub
commit 5edb9f768a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 1 deletions


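--- a/requirements.txt
+++ b/requirements.txt
@@ -3,6 +3,7 @@ dnspython
 netaddr
 django~=1.11.0
 django-bootstrap-form
+django-referrer-policy
 django-registration-redux
 django-extensions
 social-auth-app-django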
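Review bot: `django-referrer-policy` is added without any version constraint, while the `django~=1.11.0` line just above it is pinned; a middleware that runs on every request is a direct supply-chain exposure, so pin it to the release you actually tested (`django-referrer-policy==<tested version>`, or at least a compatible-release `~=` spec) rather than whatever PyPI serves at install time. Most other entries in this file are also unpinned, but a package that sets a security header is a reasonable place to start tightening that. Note that newer Django versions ship a `SECURE_REFERRER_POLICY` setting in `SecurityMiddleware` itself, so once the Django pin moves past 1.11 this dependency can presumably be dropped; a comment to that effect next to the line would save a future maintainer the lookup.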


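--- a/setup.py
+++ b/setup.py
@@ -33,6 +33,7 @@ setup(
 'netaddr',
 'django>=1.11.0',
 'django-bootstrap-form',
+'django-referrer-policy',
 'django-registration-redux',
 'django-extensions',
 'social-auth-app-django',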


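--- a/settings.py
+++ b/settings.py
@@ -167,10 +167,12 @@ MIDDLEWARE = (
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.locale.LocaleMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
+'django_referrer_policy.middleware.ReferrerPolicyMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'social_django.middleware.SocialAuthExceptionMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+'django.middleware.security.SecurityMiddleware',
 )
 ROOT_URLCONF = 'nsupdate.urls'
@@ -272,13 +274,16 @@ LOGIN_REDIRECT_URL = '/overview/'
 LOGOUT_REDIRECT_URL = '/'
 X_FRAME_OPTIONS = 'DENY' # for clickjacking middleware
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+REFERRER_POLICY = 'same-origin'
 CSRF_FAILURE_VIEW = 'nsupdate.main.views.csrf_failure_view'
 # Settings for CSRF cookie.
 CSRF_COOKIE_NAME = 'csrftoken'
 CSRF_COOKIE_PATH = '/'
-CSRF_COOKIE_HTTPONLY = False
+CSRF_COOKIE_HTTPONLY = True
 # Settings for session cookie.
 SESSION_COOKIE_NAME = 'sessionid'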
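Review bot: `'django.middleware.security.SecurityMiddleware'` is appended as the last entry of `MIDDLEWARE` in the first hunk, but Django documents it as belonging near the top of the list and first whenever `SECURE_SSL_REDIRECT` is enabled, because its redirect has to fire before any other middleware handles the request; for the two response headers switched on here (`SECURE_CONTENT_TYPE_NOSNIFF`, `SECURE_BROWSER_XSS_FILTER`) the position is harmless, so make it the first tuple element now rather than when HSTS or SSL redirect gets added later. `SECURE_BROWSER_XSS_FILTER` only emits the legacy `X-XSS-Protection` header, which current browsers ignore and which newer Django releases have since dropped; it adds no protection by itself, a Content-Security-Policy does, so either annotate it `# legacy header, no effect in modern browsers` or leave it out. Flipping `CSRF_COOKIE_HTTPONLY` to `True` means any page JavaScript that reads the `csrftoken` cookie to populate `X-CSRFToken` on AJAX requests stops working; if the templates do that, they need to take the token from the hidden form field instead, which is worth checking before this ships. The `MIDDLEWARE` tuple begins before the first hunk and the cookie settings continue past the second, so the secure-cookie and HSTS settings may live outside this view.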