yetangitu/funkwhale
1
0
Fork 0
mirror of https://code.eliotberriot.com/funkwhale/funkwhale.git synced 2025-10-03 21:29:16 +02:00
Code Issues Releases Wiki Activity

See #880: added XSS filter and content-type nosniff headers

Browse source
This commit is contained in:
Eliot Berriot 2019-07-10 15:09:43 +02:00
parent 6290ded7fa
commit 49978081b0
No known key found for this signature in database
GPG key ID: DD6965E2476E5C27
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
api/config/settings/common.py
View file

@ -222,6 +222,7 @@ INSTALLED_APPS = (
# MIDDLEWARE CONFIGURATION
# ------------------------------------------------------------------------------
MIDDLEWARE = (
"django.middleware.security.SecurityMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
"corsheaders.middleware.CorsMiddleware",
"funkwhale_api.common.middleware.SPAFallbackMiddleware",
@ -398,6 +399,8 @@ ASGI_APPLICATION = "config.routing.application"
# This ensures that Django will be able to detect a secure connection
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
# AUTHENTICATION CONFIGURATION
# ------------------------------------------------------------------------------