diff options
Diffstat (limited to 'django/middleware/security.py')
| -rw-r--r-- | django/middleware/security.py | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/django/middleware/security.py b/django/middleware/security.py index 7bcb72738e..296567432f 100644 --- a/django/middleware/security.py +++ b/django/middleware/security.py @@ -37,10 +37,10 @@ class SecurityMiddleware(MiddlewareMixin): sts_header = sts_header + "; preload" response["strict-transport-security"] = sts_header - if self.content_type_nosniff and 'x-content-type-options' not in response: - response["x-content-type-options"] = "nosniff" + if self.content_type_nosniff: + response.setdefault('x-content-type-options', 'nosniff') - if self.xss_filter and 'x-xss-protection' not in response: - response["x-xss-protection"] = "1; mode=block" + if self.xss_filter: + response.setdefault('x-xss-protection', '1; mode=block') return response |