Skip to content

Commit

Permalink
TP2000-1642 Missing application security header (#1378)
Browse files Browse the repository at this point in the history 
* Extend security middleware

* Move to middleware file rather than new folder
  • Loading branch information
@mattjamc @dalecannon
mattjamc authored and dalecannon committed Jan 10, 2025
1 parent 8488243 commit 689024a
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 1 deletion.
11 changes: 11 additions & 0 deletions common/middleware.py
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
from django.conf import settings
from django.middleware.security import SecurityMiddleware
from django.shortcuts import redirect
from django.urls import reverse

Expand All @@ -16,3 +17,13 @@ def __call__(self, request):

response = self.get_response(request)
return response


class CustomSecurityMiddleware(SecurityMiddleware):
"""Extends the security middleware to include the X-Permitted-Cross-Domain-
Policies HTTP response header."""

def process_response(self, request, response):
response = super().process_response(request, response)
response["X-Permitted-Cross-Domain-Policies"] = "none"
return response
2 changes: 1 addition & 1 deletion settings/common.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@
]

MIDDLEWARE = [
"django.middleware.security.SecurityMiddleware",
"common.middleware.CustomSecurityMiddleware",
"whitenoise.middleware.WhiteNoiseMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"django.middleware.common.CommonMiddleware",
Expand Down

0 comments on commit 689024a

Please sign in to comment.