mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 10:59:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True.

Browse source
This commit is contained in:
Claude Paroz 2019-08-02 17:16:01 +02:00 committed by Mariusz Felisiak
parent 8b4a43dda7
commit 0468159763
4 changed files with 13 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/ref/settings.txt
View file

@ -2191,12 +2191,16 @@ header if you support older browsers.
``SECURE_CONTENT_TYPE_NOSNIFF``
-------------------------------
Default: ``False``
Default: ``True``
If ``True``, the :class:`~django.middleware.security.SecurityMiddleware`
sets the :ref:`x-content-type-options` header on all responses that do not
already have it.
.. versionchanged:: 3.0
In older versions, the default value is ``False``.
.. setting:: SECURE_HSTS_INCLUDE_SUBDOMAINS
``SECURE_HSTS_INCLUDE_SUBDOMAINS``