use django's clickjacking protection middleware

This commit is contained in:
Thomas Waldmann 2014-08-28 13:18:08 +02:00
parent dea3848b36
commit b6db7a33d8
2 changed files with 9 additions and 2 deletions


@ -119,6 +119,12 @@ CSRF protection
We use Django's CSRF protection middleware. We use Django's CSRF protection middleware.
Clickjacking protection
=======================
We use Django's clickjacking protection middleware.
XSS protection XSS protection
============== ==============


@ -117,8 +117,7 @@ MIDDLEWARE_CLASSES = (
'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages.middleware.MessageMiddleware',
'social.apps.django_app.middleware.SocialAuthExceptionMiddleware', 'social.apps.django_app.middleware.SocialAuthExceptionMiddleware',
# Uncomment the next line for simple clickjacking protection: 'django.middleware.clickjacking.XFrameOptionsMiddleware',
# 'django.middleware.clickjacking.XFrameOptionsMiddleware',
) )
TEMPLATE_CONTEXT_PROCESSORS = DEFAULT_SETTINGS.TEMPLATE_CONTEXT_PROCESSORS + ( TEMPLATE_CONTEXT_PROCESSORS = DEFAULT_SETTINGS.TEMPLATE_CONTEXT_PROCESSORS + (
@ -232,6 +231,8 @@ ACCOUNT_ACTIVATION_DAYS = 7
LOGIN_REDIRECT_URL = '/overview/' LOGIN_REDIRECT_URL = '/overview/'
X_FRAME_OPTIONS = 'DENY' # for clickjacking middleware
CSRF_FAILURE_VIEW = 'nsupdate.main.views.csrf_failure_view' CSRF_FAILURE_VIEW = 'nsupdate.main.views.csrf_failure_view'
# Settings for CSRF cookie. # Settings for CSRF cookie.
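Review bot: The comment on the new `X_FRAME_OPTIONS = 'DENY'` line does not say what the setting actually guarantees: Django's `XFrameOptionsMiddleware` adds the header only to responses that do not already carry an `X-Frame-Options` header, and any view decorated with `@xframe_options_exempt` (or a response that sets the header itself) silently loses the protection, so `DENY` is a default rather than a site-wide invariant. A comment that makes this explicit would be `# Sent by XFrameOptionsMiddleware on every response that does not already set X-Frame-Options; views using @xframe_options_exempt must be reviewed individually.` Note also that `X-Frame-Options` is a legacy header: browsers that support CSP `frame-ancestors` give it precedence, and since the settings here add no CSP header, a `Content-Security-Policy: frame-ancestors 'none'` emitted at the web server or by a small middleware would presumably be the complete fix. The `MIDDLEWARE_CLASSES` tuple the first hunk edits starts before the hunk, so the middleware ordering cannot be fully checked from this view.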