Hi, The SecurityMiddleware in Django 1.8 currently lacks one of the most powerful HTTP headers to limit what browsers allow. When correctly configured is helps to prevent XSS and other (injection) attacks. At the Django Under The Hood sprint (which was an awesome event!) I wrote a pull request with tests and documentation: https://github.com/django/django/pull/3550, could someone who has been working on the new SecurityMiddleware review this pull request? The related ticket is over here: https://code.djangoproject.com/ticket/15727
Thanks! Rudolph -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/6acc19d6-2bac-41c2-8203-7d141b166d0c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
