Set two more security headers

Enable X-Content-Type-Options: nosniff so browsers do not MIME-sniff a
response away from its declared content type. Enable the cross-site
scripting (XSS) filter (X-XSS-Protection) supported by most browsers.
Jelle van der Waa 2019-01-28 21:28:24 +01:00
parent e8e80f357f
commit 5895b2a221
No known key found for this signature in database
GPG Key ID: C06086337C50773E


@ -51,6 +51,7 @@
'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.middleware.http.ConditionalGetMiddleware', 'django.middleware.http.ConditionalGetMiddleware',
) )
@ -81,6 +82,12 @@
# Clickjacking protection # Clickjacking protection
X_FRAME_OPTIONS = 'DENY' X_FRAME_OPTIONS = 'DENY'
# X-Content-Type-Options, stops browsers from trying to MIME-sniff the content type
SECURE_CONTENT_TYPE_NOSNIFF = True
# X-XSS-Protection, enables cross-site scripting filter in most browsers
SECURE_BROWSER_XSS_FILTER = True
# Use new test runner # Use new test runner
TEST_RUNNER = 'django.test.runner.DiscoverRunner' TEST_RUNNER = 'django.test.runner.DiscoverRunner'
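Review bot: `SECURE_BROWSER_XSS_FILTER = True` makes Django emit `X-XSS-Protection: 1; mode=block`, a legacy header that current browsers no longer honour (Chromium removed its XSS Auditor, Firefox never shipped one) and whose filter/block behaviour has been abused as a cross-site leak oracle, so it adds little and some guidance now prefers sending `X-XSS-Protection: 0` and relying on a Content-Security-Policy instead. If the setting stays, the comment above it should say so, e.g. `# X-XSS-Protection: legacy header ignored by modern browsers; a CSP is the actual XSS mitigation`. Separately, the `SecurityMiddleware` entry in the first hunk is placed below the auth, messages and clickjacking middleware; a response produced by any middleware earlier in the list (a CSRF rejection, for instance, if `CsrfViewMiddleware` precedes it in the part of the tuple outside this hunk) never passes through `SecurityMiddleware` and so gets no `X-Content-Type-Options` header. Putting `'django.middleware.security.SecurityMiddleware'` first in `MIDDLEWARE`, as Django's project template does, closes that gap; the start of that tuple is outside the hunk.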