nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-04-22 10:01:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enable django SecurityMiddleware, mitigates issue #1111.

Browse Source 
Signed-off-by: Johannes Keyser <johanneskeyser@posteo.de>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
This commit is contained in:
Johannes Keyser 2017-11-05 11:38:59 +01:00 committed by Joseph Nuthalapati
parent 6b1c78c3b0
commit 5fb68b459c
No known key found for this signature in database
GPG Key ID: 5398F00A2FA43C35
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
plinth/__main__.py
View File

@ -262,6 +262,7 @@ def configure_django():
LOGIN_REDIRECT_URL='index',
MESSAGE_TAGS={message_constants.ERROR: 'danger'},
MIDDLEWARE_CLASSES=(
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
@ -276,6 +277,8 @@ def configure_django():
'plinth.middleware.SetupMiddleware',
),
ROOT_URLCONF='plinth.urls',
SECURE_BROWSER_XSS_FILTER=True,
SECURE_CONTENT_TYPE_NOSNIFF=True,
SECURE_PROXY_SSL_HEADER=secure_proxy_ssl_header,
SESSION_ENGINE='django.contrib.sessions.backends.file',
SESSION_FILE_PATH=sessions_directory,