See approved ticket: http://code.djangoproject.com/ticket/14261
There, Luke Plant said:

"""
+1, I was going to suggest it myself. The patch looks pretty good.

After Django 1.3 is out, we should have some discussion on django-devs about:

- what the default value should be (I think SAMEORIGIN would make it better for general use, with very little decrease in security).
- whether we can avoid a new setting
- whether the middleware should be on by default or in the project template.
"""

I already changed the patch to default to SAMEORIGIN instead of DENY, so that should be cool. So it seems the other two points are what's up for some discussion. Anything else?