mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-07 07:15:35 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting.

Browse Source
This commit is contained in:
Adnan Umer
2019-08-05 17:23:50 +05:00
committed by Mariusz Felisiak
parent 05964b2198
commit c5075360c5
4 changed files with 6 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/ref/checks.txt
View File

@@ -369,7 +369,8 @@ The following checks are run if you use the :option:`check --deploy` option:
set to ``True``, so your pages will not be served with an
``'X-XSS-Protection: 1; mode=block'`` header. You should consider enabling
this header to activate the browser's XSS filtering and help prevent XSS
attacks.
attacks. *This check is removed in Django 3.0 as the ``X-XSS-Protection``
header is no longer honored by modern browsers.*
* **security.W008**: Your :setting:`SECURE_SSL_REDIRECT` setting is not set to
``True``. Unless your site should be available over both SSL and non-SSL
connections, you may want to either set this setting to ``True`` or configure