Merge branch 'secure_headers' into 'master'
Add secure headers. Closes #28. See merge request archlinux/archmanweb!28
commit
7a646a2149
|
@ -2,7 +2,7 @@
|
|||
|
||||
## Dependencies
|
||||
|
||||
pacman -S pyalpm python-chardet python-django python-psycopg2 python-requests python-xtarfile
|
||||
pacman -S pyalpm python-chardet python-django python-django-csp python-psycopg2 python-requests python-xtarfile
|
||||
|
||||
## Installation
|
||||
|
||||
|
|
20
settings.py
20
settings.py
|
@ -17,8 +17,28 @@ MIDDLEWARE = [
|
|||
"django.middleware.common.CommonMiddleware",
|
||||
# https://docs.djangoproject.com/en/3.1/ref/csrf/
|
||||
"django.middleware.csrf.CsrfViewMiddleware",
|
||||
# https://docs.djangoproject.com/en/3.1/ref/clickjacking/
|
||||
"django.middleware.clickjacking.XFrameOptionsMiddleware",
|
||||
# https://docs.djangoproject.com/en/3.1/ref/middleware/#django.middleware.security.SecurityMiddleware
|
||||
"django.middleware.security.SecurityMiddleware",
|
||||
# https://django-csp.readthedocs.io/en/latest/
|
||||
"csp.middleware.CSPMiddleware",
|
||||
]
|
||||
|
||||
# Referrer Policy
|
||||
SECURE_REFERRER_POLICY = 'no-referrer-when-downgrade'
|
||||
|
||||
# X-XSS-Protection, enables cross-site scripting filter in most browsers
|
||||
SECURE_BROWSER_XSS_FILTER = True
|
||||
|
||||
# CSP Settings
|
||||
CSP_DEFAULT_SRC = ("'self'",)
|
||||
CSP_SCRIPT_SRC = ("'none'",)
|
||||
CSP_IMG_SRC = ("'self'",)
|
||||
CSP_BASE_URI = ("'none'",)
|
||||
CSP_FORM_ACTION = ("'self'",)
|
||||
CSP_FRAME_ANCESTORS = ("'none'",)
|
||||
|
||||
# Base of the URL hierarchy
|
||||
ROOT_URLCONF = "urls"
|
||||
|
||||
|
|
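Review bot: `SECURE_REFERRER_POLICY = 'no-referrer-when-downgrade'` in the new settings block is looser than the `'same-origin'` default that Django 3.1 (the version the adjacent comments link to) already applies through SecurityMiddleware, so the explicit line weakens rather than tightens referrer handling by sending the full page URL to any HTTPS origin a link points at; `SECURE_REFERRER_POLICY = 'same-origin'` (or `'strict-origin-when-cross-origin'` if outbound referrers are wanted) keeps the stricter behaviour. `SECURE_BROWSER_XSS_FILTER = True` only emits the legacy X-XSS-Protection header, which current major browsers have removed or never implemented and which the `CSP_SCRIPT_SRC = ("'none'",)` policy below already supersedes, so the line and its comment can be dropped. With SecurityMiddleware now enabled the hunk sets no `SECURE_HSTS_SECONDS`; if HSTS is not added by the reverse proxy in front of the app, that is the remaining header worth a follow-up. The MIDDLEWARE list opens above the hunk.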