Summary
Django has a middleware that should always be used: https://docs.djangoproject.com/en/3.0/ref/middleware/#module-django.middleware.security
I think that Litestar should also have it out of the box.
What it does? It provide security-related headers for the responses.
X-Content-Type-Options: nosniff- Secure SSL settings: https://docs.djangoproject.com/en/3.0/ref/middleware/#http-strict-transport-security
Referrer-Policy: no-referrerheader (also supports other values: https://docs.djangoproject.com/en/3.0/ref/middleware/#referrer-policy)
There are also 3rd party django libs that also work in the same field:
- https://github.com/adamchainz/django-permissions-policy which sets
Permissions-Policyheader
Maybe something else that I forgot about?
All things should be customizable and work the regular way Litestar middleware works.
If others agree, I can work on this :)
Basic Example
No response
Drawbacks and Impact
No response
Unresolved questions
No response
How does funding with Polar work?
Pay now to fund the work behind this issue.
Get updates on progress being made.
Maintainer is rewarded once the issue is completed.
Backer
You're funding impactful open source efforts
Contributor
You want to contribute to this effort
Maintainer
You want to get funding like this too