Updates to PR are not reflected in Jenkins, checks failing

2020-08-31 Thread 'Megan Huber' via Django developers (Contributions to Django itself)
Hi All! I have an open PR and am having difficulty getting the Jenkins checks to pass. I have amended my original commit a few times but these changes are not reflected in Jenkins. One test, test_middleware_headers, was failing with my original comm

Ticket #31823 Fetch Metadata Request Headers

2020-08-03 Thread 'Megan Huber' via Django developers (Contributions to Django itself)
Hi Everyone, TL;DR: This ticket was triaged to “Someday/Maybe” due to concerns over Fetch Metadata Request Headers being experimental and not supported by all browsers. I would like to address these concerns and hear them in more detail to see if we can add more protection for Django users no

Re: Rethink (?) how we handle security headers.

2020-08-03 Thread 'Megan Huber' via Django developers (Contributions to Django itself)
Hi Y'all, I suggested the addition of the COOP header. I don't have enough experience contributing to Django to know if the process of adding new headers should be streamlined. I am curious though if CORS or CORP support has ever been considered as a part of the security middleware. COOP is