--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/f35d51f3-83d2-4ace-a288-daef7c31abe4o%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAJP%3DbzAF4%2Bsty9iRRBo3DabH9ZMGKf38-hnGzMZ4cJjry6OZtA%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/3da2e385-551e-4905-83e8-7f2b99896f18o%40googlegroups.com.
Hi Y'all,
I suggested the addition of the COOP header. I don't have enough experience contributing to Django to know if the process of adding new headers should be streamlined. I am curious though if CORS or CORP support has ever been considered as a part of the security middleware. COOP is usually implemented with a header called Cross-origin Embedder Policy but it relies on CORS or CORP being set to a specific value. I know that currently Django projects use a middleware to handle CORS but we can't have a safe default for COEP set unless we know they are using this middleware. The middleware is also not a Mozilla repository.
Maybe now is a good time to add support for CORS/CORP while we are adding many other security headers? I would be interested in contributing to this and could submit a new issue for it or do it as a part of the COOP ticket.
Another +1 to Adam's Add_Headers idea. This would be an effective way of keeping up with new security standards for concerned developers but would offer no protection to the average Django user.
Thanks,
Megan
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAL13Cg8Uf3FdNtK6kbEdZ9Ja7sa5jhg4ptnUGotpzO8hj9B49g%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/26f74d84-4a8a-41a7-8824-e016e3e15dcfn%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/3ae8a31f-a53a-4415-8e51-6ce3faee85a1n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/ad7f2050-a28d-44ca-a6ba-dcc9405f93d0n%40googlegroups.com.
That would be counter to how all current dict based settings work, so I think it would be too surprising.