Verified Commit 49978081 authored by Eliot Berriot's avatar Eliot Berriot

See #880: added XSS filter and content-type nosniff headers

parent 6290ded7
...@@ -222,6 +222,7 @@ INSTALLED_APPS = ( ...@@ -222,6 +222,7 @@ INSTALLED_APPS = (
# MIDDLEWARE CONFIGURATION # MIDDLEWARE CONFIGURATION
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
MIDDLEWARE = ( MIDDLEWARE = (
"django.middleware.security.SecurityMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware",
"corsheaders.middleware.CorsMiddleware", "corsheaders.middleware.CorsMiddleware",
"funkwhale_api.common.middleware.SPAFallbackMiddleware", "funkwhale_api.common.middleware.SPAFallbackMiddleware",
...@@ -398,6 +399,8 @@ ASGI_APPLICATION = "config.routing.application" ...@@ -398,6 +399,8 @@ ASGI_APPLICATION = "config.routing.application"
# This ensures that Django will be able to detect a secure connection # This ensures that Django will be able to detect a secure connection
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
# AUTHENTICATION CONFIGURATION # AUTHENTICATION CONFIGURATION
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
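Review bot: The two settings added after `SECURE_PROXY_SSL_HEADER` in the second hunk have no comment, and their reach is narrower than the commit title suggests. `SecurityMiddleware` only adds `X-XSS-Protection` and `X-Content-Type-Options: nosniff` to responses that pass through Django, so if the deployment lets the reverse proxy serve uploaded media or static files directly (not visible on this page), those responses still need `nosniff` set in the proxy configuration. `SECURE_BROWSER_XSS_FILTER` also only enables a legacy browser auditor that current browsers ignore, so it supplements output escaping and a Content-Security-Policy rather than replacing them. I would add above the two lines `# Headers set by SecurityMiddleware on Django responses only; mirror nosniff in the proxy for files it serves directly` and `# X-XSS-Protection is a legacy-browser mitigation, not a substitute for escaping/CSP`.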