Closed bartoszbetka closed 5 years ago
We should handle security headers only on the one level to avoid duplicates and easier maintenance. We want to manage headers on the nginx level to handle additional endpoints that are not supported by django. Please delete django headers:
X-Content-Type-Options
X-Frame-Options
X-XSS-Protection
Already merged
kbeker
commented
5 years ago
We should handle security headers only on the one level to avoid duplicates and easier maintenance. We want to manage headers on the nginx level to handle additional endpoints that are not supported by django. Please delete django headers:
X-Content-Type-OptionsX-Frame-OptionsX-XSS-Protection