Clickjacking middleware

This commit is contained in:
Martin Mahner 2013-05-28 23:00:41 +00:00
parent 30dd414a0f
commit 49edeecca0
2 changed files with 5 additions and 1 deletions

View file

@ -89,7 +89,7 @@ MIDDLEWARE_CLASSES = (
'dpaste.disable.DisableCSRF', 'dpaste.disable.DisableCSRF',
'django.middleware.common.CommonMiddleware', 'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware',
#'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware',
) )
TEMPLATE_CONTEXT_PROCESSORS += ( TEMPLATE_CONTEXT_PROCESSORS += (

View file

@ -24,6 +24,8 @@ server {
ssl_certificate /srv/dpaste.de/var/ssl/dpaste_de_unified.crt; ssl_certificate /srv/dpaste.de/var/ssl/dpaste_de_unified.crt;
ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_de.key; ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_de.key;
add_header Strict-Transport-Security max-age=31536000;
include /srv/dpaste.de/src/dpaste/server/nginx_server.conf; include /srv/dpaste.de/src/dpaste/server/nginx_server.conf;
} }
@ -34,5 +36,7 @@ server {
ssl_certificate /srv/dpaste.de/var/ssl/dpaste_org_unified.crt; ssl_certificate /srv/dpaste.de/var/ssl/dpaste_org_unified.crt;
ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_org.key; ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_org.key;
add_header Strict-Transport-Security max-age=31536000;
include /srv/dpaste.de/src/dpaste/server/nginx_server.conf; include /srv/dpaste.de/src/dpaste/server/nginx_server.conf;
} }