Content-Security-Policy header for Django 1.8 SecurityMiddleware
83 views
Skip to first unread message
Rudolph
Nov 20, 2014, 3:23:26 AM11/20/14
to django-d...@googlegroups.com
Hi,
The SecurityMiddleware in Django 1.8 currently lacks one of the most powerful HTTP headers to limit what browsers allow. When correctly configured is helps to prevent XSS and other (injection) attacks. At the Django Under The Hood sprint (which was an awesome event!) I wrote a pull request with tests and documentation: https://github.com/django/django/pull/3550, could someone who has been working on the new SecurityMiddleware review this pull request? The related ticket is over here: https://code.djangoproject.com/ticket/15727
Thanks!
Rudolph
The SecurityMiddleware in Django 1.8 currently lacks one of the most powerful HTTP headers to limit what browsers allow. When correctly configured is helps to prevent XSS and other (injection) attacks. At the Django Under The Hood sprint (which was an awesome event!) I wrote a pull request with tests and documentation: https://github.com/django/django/pull/3550, could someone who has been working on the new SecurityMiddleware review this pull request? The related ticket is over here: https://code.djangoproject.com/ticket/15727
Thanks!
Rudolph
Reply all
Reply to author
Forward
0 new messages