Add Django's SecurityMiddleware.
Review Request #13818 — Created May 2, 2024 and submitted — Latest diff uploaded
Django provides a middleware for setting up various security options.
The vast majority of these are things that are highly dependent on the
particulars of the deployment, but using any of them require the
middleware to be enabled. With this, server admins could set up things
like HSTS or referrer policies by setting the relevant keys in their
settings_local.py file.This change adds it to our middleware, and turns on
X-Content-Type-Options: nosniff, which is harmless to our normal usage,
and can prevent a bunch of complaining from some security scanning
tools.
- Ran unit tests.
- Loaded a page and verified that the nosniff header was now present.