Add Django's SecurityMiddleware.

Review Request #13818 — Created May 2, 2024 and submitted

Information

Review Board
release-7.x

Django provides a middleware for setting up various security options.
The vast majority of these are things that are highly dependent on the
particulars of the deployment, but using any of them requires the
middleware to be enabled. With this, server admins could set up things
like HSTS or referrer policies by setting the relevant keys in their
settings_local.py file.

This change adds it to our middleware, and turns on
X-Content-Type-Options: nosniff, which is harmless to our normal usage,
and can prevent a bunch of complaining from some security scanning
tools.

  • Ran unit tests.
  • Loaded a page and verified that the nosniff header was now present.
Summary ID
Add Django's SecurityMiddleware.
dd7648e7f24e1cf21426043dca11fd88a3593a5a
maubin
  1. Ship It!
chipx86
  1. Ship It!
david
Review request changed
Status: Completed
Change Summary: Pushed to release-7.x (8080d21)
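
The "loaded a page and verified that the nosniff header was now present" check from the testing notes can be scripted. This is an added example, not part of the review request or Review Board's code: a stdlib-only audit of the response headers that Django's SecurityMiddleware controls. The function names and sample headers are constructed for illustration; the setting names are Django's.

```python
import re

# Response header -> Django setting that controls it once SecurityMiddleware is enabled.
SETTING_FOR = {
    "x-content-type-options": "SECURE_CONTENT_TYPE_NOSNIFF",
    "strict-transport-security": "SECURE_HSTS_SECONDS",
    "referrer-policy": "SECURE_REFERRER_POLICY",
}
# Referrer-Policy values that still send the full URL to other origins.
FULL_URL_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}


def audit(headers, https):
    """Return {header: problem} for missing or weak values; {} means all present.

    headers: response headers as a mapping (names in any case).
    https:   True if the page was fetched over HTTPS; HSTS is only checked then,
             because SecurityMiddleware sends it on secure requests only.
    """
    h = {name.lower(): value.strip() for name, value in headers.items()}
    problems = {}

    if h.get("x-content-type-options", "").lower() != "nosniff":
        problems["x-content-type-options"] = "missing or not 'nosniff'"

    if https:
        hsts = h.get("strict-transport-security")
        max_age = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
        if hsts is None:
            problems["strict-transport-security"] = "missing"
        elif max_age is None or int(max_age.group(1)) == 0:
            problems["strict-transport-security"] = "max-age absent or 0"

    policy = h.get("referrer-policy")
    # Simplification: with a comma-separated fallback list, judge the last entry.
    last = policy.split(",")[-1].strip().lower() if policy else ""
    if policy is None:
        problems["referrer-policy"] = "missing"
    elif last in FULL_URL_POLICIES:
        problems["referrer-policy"] = f"'{last}' sends full URLs cross-origin"
    return problems


def settings_to_review(headers, https):
    """Names of the Django settings behind each problem, sorted for stable output."""
    return sorted(SETTING_FOR[name] for name in audit(headers, https))


if __name__ == "__main__":
    # Constructed sample: headers as they might look with only nosniff turned on.
    sample = {"Content-Type": "text/html", "X-Content-Type-Options": "nosniff"}
    print(audit(sample, https=True), settings_to_review(sample, https=True))
```

Feed it the headers from a real response (for example `dict(response.headers)` from an HTTP client) and set the reported keys in settings_local.py as the deployment allows.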