verticalscope/django-security-middleware
Django Security Middleware

This is some middleware I use for my own projects. You're welcome to it if you'd like.

SSL Middleware

security_middleware.middleware.SSLMiddleware

This middleware does two things. First, any request that did not arrive over HTTPS gets a 301 redirect to the https version of the same URL (same host, path and query string). Second, it adds a Strict-Transport-Security header with a one-year max-age (max-age=31536000) to responses, so browsers that have seen it refuse to talk to the site over plain HTTP for that period.

Two caveats. Browsers only honour Strict-Transport-Security when it arrives on an HTTPS response (RFC 6797), so the header does its work on the responses served after the redirect, not on the redirect itself. And if the app sits behind a TLS-terminating proxy or load balancer, Django must be told how to recognise the original request as HTTPS (SECURE_PROXY_SSL_HEADER), otherwise every request looks insecure and the redirect loops.

It can be disabled with the SSL_ENABLED setting (set it to False, for example in local development without TLS), which turns off both the redirect and the header.
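The following is an added example, not the project's own code: a minimal SSL redirect plus HSTS middleware in the Django middleware-factory shape. Request and Response are duck-typed stand-ins constructed here so it runs without Django installed; ssl_enabled, hsts_max_age and include_subdomains are assumed parameter names for the example, not the project's settings. It also applies the RFC 6797 rule of sending the header only on HTTPS responses, which the project description does not state.

```python
"""Added example, not the project's code: redirect-to-https plus HSTS."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit, urlunsplit

ONE_YEAR = 365 * 24 * 60 * 60  # 31536000 seconds, the page's one-year max-age


@dataclass
class Request:
    """Stand-in for django.http.HttpRequest (constructed for this example)."""
    scheme: str
    host: str
    path: str
    query: str = ""

    def is_secure(self):
        # Real Django also consults SECURE_PROXY_SSL_HEADER behind a proxy.
        return self.scheme == "https"

    def build_absolute_uri(self):
        return urlunsplit((self.scheme, self.host, self.path, self.query, ""))


@dataclass
class Response:
    """Stand-in for django.http.HttpResponse (Django 3.2+ exposes .headers)."""
    status_code: int = 200
    headers: dict = field(default_factory=dict)


def https_redirect_target(request):
    """Same host, path and query string as the request; only the scheme changes."""
    parts = urlsplit(request.build_absolute_uri())
    return urlunsplit(("https", parts.netloc, parts.path, parts.query, ""))


def ssl_middleware(get_response, ssl_enabled=True, hsts_max_age=ONE_YEAR,
                   include_subdomains=False):
    """Middleware factory; ssl_enabled=False disables redirect and header."""
    def middleware(request):
        if ssl_enabled and not request.is_secure():
            redirect = Response(status_code=301)
            redirect.headers["Location"] = https_redirect_target(request)
            return redirect
        response = get_response(request)
        # RFC 6797: browsers ignore HSTS on plain-HTTP responses, so only set
        # it on responses that actually went over TLS.
        if ssl_enabled and request.is_secure():
            value = f"max-age={hsts_max_age}"
            if include_subdomains:
                value += "; includeSubDomains"
            response.headers["Strict-Transport-Security"] = value
        return response
    return middleware


if __name__ == "__main__":
    mw = ssl_middleware(lambda req: Response())
    print(mw(Request("http", "example.com", "/login", "next=%2F")).headers)
    print(mw(Request("https", "example.com", "/login")).headers)
```

On a current Django the built-in django.middleware.security.SecurityMiddleware provides the same two behaviours through SECURE_SSL_REDIRECT and SECURE_HSTS_SECONDS, and is the better choice there; the example above is useful mainly to see what those settings do.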

Content Security Policy Middleware

security_middleware.middleware.ContentSecurityPolicyMiddleware

This middleware adds the Content-Security-Policy header. For more information, html5rocks has a good tutorial.

The exact rules are governed in settings like so:

CSP_HEADER = {
    "default-src": ("https:", "'self'"),
    "img-src": ("https://cdn.example.com",),
}

and so forth. Keyword sources such as 'self', 'none', 'unsafe-inline' and nonce-/hash sources must appear with single quotes in the header itself, so in the setting they need both sets of quotes: "'self'", not "self". An unquoted self is parsed by the browser as a host named self, not as the keyword, and the origin's own resources end up blocked.
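An added example (not the project's middleware) that turns a CSP_HEADER-style dict into the header value, refuses bare keywords that forgot their quotes, and wraps the result in a Django-style middleware factory. The Response stand-in is constructed here so it runs without Django; the names csp_header_value, csp_middleware and the report_only flag are assumptions for this example.

```python
"""Added example, not the project's code: serialise and sanity-check a CSP dict."""
from dataclasses import dataclass, field

# Sources that must be single-quoted in the header; bare forms are a common mistake.
CSP_KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval",
                "strict-dynamic", "unsafe-hashes", "report-sample"}
CSP_QUOTED_PREFIXES = ("nonce-", "sha256-", "sha384-", "sha512-")


@dataclass
class Response:
    """Stand-in for django.http.HttpResponse (Django 3.2+ exposes .headers)."""
    headers: dict = field(default_factory=dict)


def check_source(directive, source):
    """Raise ValueError for a keyword or nonce/hash source missing its quotes."""
    bare = source.strip("'")
    needs_quotes = bare in CSP_KEYWORDS or bare.startswith(CSP_QUOTED_PREFIXES)
    quoted = len(source) >= 2 and source.startswith("'") and source.endswith("'")
    if needs_quotes and not quoted:
        raise ValueError(
            f"{directive}: {source!r} must be written as \"'{bare}'\" in the setting"
        )


def csp_header_value(policy):
    """Serialise {"directive": ("source", ...)} into a Content-Security-Policy value."""
    parts = []
    for directive, sources in policy.items():
        if isinstance(sources, str):
            sources = (sources,)  # tolerate a lone string instead of a 1-tuple
        for source in sources:
            check_source(directive, source)
        # Directives such as upgrade-insecure-requests take no sources at all.
        parts.append(f"{directive} {' '.join(sources)}" if sources else directive)
    return "; ".join(parts)


def csp_middleware(get_response, policy, report_only=False):
    """Middleware factory; the value is built once so quoting errors fail at startup."""
    header = ("Content-Security-Policy-Report-Only" if report_only
              else "Content-Security-Policy")
    value = csp_header_value(policy)

    def middleware(request):
        response = get_response(request)
        response.headers.setdefault(header, value)  # let a view override it
        return response
    return middleware


# The page's own settings example.
CSP_HEADER = {
    "default-src": ("https:", "'self'"),
    "img-src": ("https://cdn.example.com",),
}

if __name__ == "__main__":
    print(csp_header_value(CSP_HEADER))
```

Building the value at startup rather than per request means a forgotten quote raises when the process boots instead of silently shipping a policy that blocks the site's own scripts; the report_only flag lets a new policy be trialled against real traffic before it is enforced.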

XSS Protection Middleware

security_middleware.middleware.XSSProtectionMiddleware

Adds the header X-XSS-Protection: 1; mode=block to all responses. This only ever switched on the legacy reflected-XSS filters in Internet Explorer, old Edge and Chrome; Chrome removed its filter in 2019 and Firefox never had one, so on current browsers the header is a no-op and a Content-Security-Policy is what actually limits XSS.

No Sniff Middleware

security_middleware.middleware.NoSniffMiddleware

Adds the header X-Content-Type-Options: nosniff to all responses, so browsers trust the declared Content-Type instead of guessing one from the body (which otherwise lets, for example, a user-uploaded file be interpreted as script).

Tips welcome. :) 13q4ZK9BgR4ZhKq27KmkuaEkay1GBEoUuS

About

Some security bits I use for my projects
