Diffstat (limited to 'django/middleware/security.py')
-rw-r--r--django/middleware/security.py33
1 files changed, 21 insertions, 12 deletions
diff --git a/django/middleware/security.py b/django/middleware/security.py
index d2c2bf2d3f..1dd2204814 100644
--- a/django/middleware/security.py
+++ b/django/middleware/security.py
@@ -20,38 +20,47 @@ class SecurityMiddleware(MiddlewareMixin):
def process_request(self, request):
path = request.path.lstrip("/")
- if (self.redirect and not request.is_secure() and
- not any(pattern.search(path)
- for pattern in self.redirect_exempt)):
+ if (
+ self.redirect
+ and not request.is_secure()
+ and not any(pattern.search(path) for pattern in self.redirect_exempt)
+ ):
host = self.redirect_host or request.get_host()
return HttpResponsePermanentRedirect(
"https://%s%s" % (host, request.get_full_path())
)
def process_response(self, request, response):
- if (self.sts_seconds and request.is_secure() and
- 'Strict-Transport-Security' not in response):
+ if (
+ self.sts_seconds
+ and request.is_secure()
+ and "Strict-Transport-Security" not in response
+ ):
sts_header = "max-age=%s" % self.sts_seconds
if self.sts_include_subdomains:
sts_header = sts_header + "; includeSubDomains"
if self.sts_preload:
sts_header = sts_header + "; preload"
- response.headers['Strict-Transport-Security'] = sts_header
+ response.headers["Strict-Transport-Security"] = sts_header
if self.content_type_nosniff:
- response.headers.setdefault('X-Content-Type-Options', 'nosniff')
+ response.headers.setdefault("X-Content-Type-Options", "nosniff")
if self.referrer_policy:
# Support a comma-separated string or iterable of values to allow
# fallback.
- response.headers.setdefault('Referrer-Policy', ','.join(
- [v.strip() for v in self.referrer_policy.split(',')]
- if isinstance(self.referrer_policy, str) else self.referrer_policy
- ))
+ response.headers.setdefault(
+ "Referrer-Policy",
+ ",".join(
+ [v.strip() for v in self.referrer_policy.split(",")]
+ if isinstance(self.referrer_policy, str)
+ else self.referrer_policy
+ ),
+ )
if self.cross_origin_opener_policy:
response.setdefault(
- 'Cross-Origin-Opener-Policy',
+ "Cross-Origin-Opener-Policy",
self.cross_origin_opener_policy,
)
return response
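Review bot: The Cross-Origin-Opener-Policy branch at the end of `process_response` still calls `response.setdefault(...)`, while the X-Content-Type-Options and Referrer-Policy branches just above it use `response.headers.setdefault(...)`. Since this commit already touches that call for quoting, it could be brought in line as `response.headers.setdefault("Cross-Origin-Opener-Policy", self.cross_origin_opener_policy)`. The two spellings presumably behave the same (set only when the view has not already set the header), so this is a style point, but a single form makes the security-header code easier to audit. The HSTS guard mixes the two in the same way, testing `"Strict-Transport-Security" not in response` and then writing `response.headers[...]`. The class's `__init__` is outside the hunk, so how these attributes are populated from settings is not visible here.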