Closed Bug 1275551 Opened 8 years ago Closed 8 years ago

Enable django security middleware

Categories

(Participation Infrastructure :: Phonebook, defect)

Product:
Participation Infrastructure
Component:
Phonebook
Version:
2016-5.2
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nemo-yiannis, Assigned: nemo-yiannis)

Details

Django 1.8 provides some new security features provided in django security middleware [1]. Let's enable it in mozillians.org.

[1] https://docs.djangoproject.com/en/1.8/ref/middleware/#module-django.middleware.security
Commits pushed to master at https://github.com/mozilla/mozillians

https://github.com/mozilla/mozillians/commit/19811b94ba364f1f104500abacee4d0d5bae1751
[Fix bug 1275551] Enable django security middleware.

Sets the following HTTP headers:
 - X-XSS-Protection: 1; mode=block
 - X-Content-Type-Options: nosniff

https://github.com/mozilla/mozillians/commit/78b97bf0f46bb552de885343a3cd3415aab12e7e
Merge pull request #1456 from johngian/1275551-django-sec-middleware

[Fix bug 1275551] Enable django security middleware.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → next
Assignee: nobody → jgiannelos
Target Milestone: next → ---
Version: other → next
Version: next → 2016-5.2
You need to log in before you can comment on or make changes to this bug.