Refs #30426 -- Changed default SECURE_CONTENT_TYPE_NOSNIFF to True.

author: Claude Paroz <claude@2xlibre.net> 2019-08-02 17:16:01 +0200
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2019-08-18 13:17:49 +0200
commit: 04681597634a0c803246fe68b3bcb64f81e7305c (patch)
tree: 62cd12dd28ae7880b158c5ad104863d41b4c9013 /docs/releases/3.0.txt
parent: 8b4a43dda702fe72c254388f1be2c0c75b7a3efc (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/releases/3.0.txt b/docs/releases/3.0.txt
index bc9cbe3751..b6b3368337 100644
--- a/docs/releases/3.0.txt
+++ b/docs/releases/3.0.txt
@@ -519,6 +519,12 @@ Miscellaneous
   field names contains an asterisk, then the ``Vary`` header will consist of a
   single asterisk ``'*'``.
 
+* :setting:`SECURE_CONTENT_TYPE_NOSNIFF` setting now defaults to ``True``. With
+  the enabled :setting:`SECURE_CONTENT_TYPE_NOSNIFF`, the
+  :class:`~django.middleware.security.SecurityMiddleware` sets the
+  :ref:`x-content-type-options` header on all responses that do not already
+  have it.
+
 .. _deprecated-features-3.0:
 
 Features deprecated in 3.0
author	Claude Paroz <claude@2xlibre.net>	2019-08-02 17:16:01 +0200
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2019-08-18 13:17:49 +0200
commit	04681597634a0c803246fe68b3bcb64f81e7305c (patch)
tree	62cd12dd28ae7880b158c5ad104863d41b4c9013 /docs/releases/3.0.txt
parent	8b4a43dda702fe72c254388f1be2c0c75b7a3efc (diff)