Merge pull request #57 from sdelements/fix/update_docs_with_django_bu…

…iltin Update docs to refer 1.8+ Django users to official documentation
sdelements · Apr 3, 2017 · ab3693a · ab3693a
2 parents e218ffc + 0dbeb17
commit ab3693a
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/security/middleware.py b/security/middleware.py
@@ -148,6 +148,10 @@ class XssProtectMiddleware(BaseMiddleware):
 
       ``off``        completely disable XSS filter
 
+    **Note:** As of 1.8, Django's `SECURE_BROWSER_XSS_FILTER
+    <https://docs.djangoproject.com/en/1.8/ref/settings/#secure-browser-xss-filter>`_
+    controls the X-XSS-Protection header.
+
     Reference:
 
     - `Controlling the XSS Filter
@@ -199,6 +203,10 @@ class ContentNoSniff(object):
     mitigates attacks where web page would for example load a script that was
     disguised as an user- supplied image.
 
+    **Note:** As of 1.8, Django's `SECURE_CONTENT_TYPE_NOSNIFF
+    <https://docs.djangoproject.com/en/1.8/ref/settings/#secure-content-type-nosniff>`_
+    controls the X-Content-Type-Options header.
+
     Reference:
 
     - `MIME-Handling Change: X-Content-Type-Options: nosniff
@@ -727,6 +735,10 @@ class StrictTransportSecurityMiddleware(object):
       - ``STS_PRELOAD``               add ``preload`` flag to the STS header
         so that your website can be added to preloaded websites list
 
+    **Note:** As of 1.8, Django's `SECURE_HSTS_SECONDS
+    <https://docs.djangoproject.com/en/1.8/ref/settings/#secure-hsts-seconds>`_
+    controls the HTTP Strict Transport Security header.
+
     Reference:
 
     - `HTTP Strict Transport Security (HSTS)