Hi. (This is quite preliminary but...)
So we added support for Referrer-Policy in 3.0 https://docs.djangoproject.com/en/3.0/ref/middleware/#referrer-policy This added the SECURE_REFERRER_POLICY setting. We have a Someday/Maybe Permissions-Policy (was Feature-Policy). for https://code.djangoproject.com/ticket/30746 Then a proposal for a new one Cross-Origin Opener Policy https://code.djangoproject.com/ticket/31840 > This can be implemented in a similar way to the Referrer-Policy header in the security middleware. But are we going to continue to add settings along this line, one for every new header that comes up? Maybe, but I feel like we might need to review how we handle such things. One thought that has come up (here and elsewhere) is that it would be good if Middleware could be configured with parameters without having to subclass. I wonder if (I suspect) that has come up as an idea before? Otherwise does anyone have thoughts on this issue? (Maybe we can just keep adding settings — we have a lot for *_COOKIE_* for example.) Thanks, Carlton -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/f35d51f3-83d2-4ace-a288-daef7c31abe4o%40googlegroups.com.
