Commit a548a7e7 authored by Lars Kruse's avatar Lars Kruse
Browse files

feat(settings): enforce upcoming security setting default changes

Django 3.0 introduces some changes of security settings.
parent 262adde1
Pipeline #3162 failed with stages
in 3 minutes and 21 seconds
......@@ -216,6 +216,13 @@ ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_USERNAME_VALIDATORS = 'grouprise.features.gestalten.forms.username_validators'
# Backports of upcoming Django setting default changes
# Some security related settings are changed for new versions of Django. In some cases we want to
# use these new defaults before switching to the new version.
# These setting overrides can be removed as soon as grouprise requires a newer version of Django.
# New defaults introduced with Django 3.0:
SECURE_CONTENT_TYPE_NOSNIFF = True
X_FRAME_OPTIONS = 'DENY'
# Haystack
# https://django-haystack.readthedocs.io/
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment