From 71690830b4028c5802ef96862592d5255777df23 Mon Sep 17 00:00:00 2001
From: Thomas Roger Lux
Date: Tue, 25 Mar 2025 11:08:40 +0100
Subject: [PATCH 1/3] Add middleware for security headers

---
 src/backend/partaj/middleware.py | 12 ++++++++++++
 src/backend/partaj/settings.py | 1 +
 2 files changed, 13 insertions(+)
 create mode 100644 src/backend/partaj/middleware.py

diff --git a/src/backend/partaj/middleware.py b/src/backend/partaj/middleware.py
new file mode 100644
index 0000000000..ff8509ea24
--- /dev/null
+++ b/src/backend/partaj/middleware.py
@@ -0,0 +1,12 @@
+class HeadersMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+
+        response["X-Content-Type-Options"] = "nosniff"
+        response["X-XSS-Protection"] = 0
+        response["Content-Security-Policy"] = "upgrade-insecure-requests"
+
+        return response
\ No newline at end of file
diff --git a/src/backend/partaj/settings.py b/src/backend/partaj/settings.py
index 19c5b9c3aa..c685ed92b1 100644
--- a/src/backend/partaj/settings.py
+++ b/src/backend/partaj/settings.py
@@ -223,6 +223,7 @@ class Base(ElasticSearchMixin, SendinblueMixin, DRFMixin, Configuration):
         "impersonate.middleware.ImpersonateMiddleware",
         "django.middleware.clickjacking.XFrameOptionsMiddleware",
         "dockerflow.django.middleware.DockerflowMiddleware",
+        "partaj.middleware.HeadersMiddleware",
     ]
 
     ROOT_URLCONF = "partaj.urls"

From 32b70ca297652dd4eb356c745a916bd5d8219fd8 Mon Sep 17 00:00:00 2001
From: Thomas Roger Lux
Date: Tue, 25 Mar 2025 11:19:15 +0100
Subject: [PATCH 2/3] Lord black sir

---
 src/backend/partaj/middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/partaj/middleware.py b/src/backend/partaj/middleware.py
index ff8509ea24..d4f2c4bd3f 100644
--- a/src/backend/partaj/middleware.py
+++ b/src/backend/partaj/middleware.py
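Review bot: The three assignments in `__call__` overwrite whatever a view or an inner component already put on the response, which matters most for `Content-Security-Policy`: a view-specific policy would be silently replaced by the blanket `upgrade-insecure-requests`, so if this middleware is meant as a fallback the lines should read `response.setdefault("Content-Security-Policy", "upgrade-insecure-requests")` (and likewise for the other two keys). `X-XSS-Protection` is assigned the integer `0`; Django stringifies header values, but `"0"` keeps the type consistent with the neighbouring headers and with the value as it appears on the wire. If `SecurityMiddleware` is active in this project, `SECURE_CONTENT_TYPE_NOSNIFF` already emits `X-Content-Type-Options: nosniff`, so that line may be redundant; the settings that would confirm this are outside the hunk.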
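Review bot: Placed last in `MIDDLEWARE`, `HeadersMiddleware` is the innermost layer, so it touches the response before every middleware listed above it; any of those that assigns one of the same three headers will win, and the headers are not added at all to a response short-circuited by an outer middleware. If the intent is for these headers to be present on every response, the entry belongs near the top of the list, alongside `SecurityMiddleware`. A one-line comment above the entry, such as `# Adds X-Content-Type-Options, X-XSS-Protection and Content-Security-Policy`, would record why a custom middleware is used here; the rest of the `MIDDLEWARE` list is outside the hunk.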
@@ -9,4 +9,4 @@ def __call__(self, request):
         response["X-XSS-Protection"] = 0
         response["Content-Security-Policy"] = "upgrade-insecure-requests"
 
-        return response
\ No newline at end of file
+        return response

From da0532723d16b6ffaa6f9441709a933a993b5706 Mon Sep 17 00:00:00 2001
From: Thomas Roger Lux
Date: Tue, 25 Mar 2025 11:26:46 +0100
Subject: [PATCH 3/3] Add missing docstrings

---
 src/backend/partaj/middleware.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/backend/partaj/middleware.py b/src/backend/partaj/middleware.py
index d4f2c4bd3f..eb103790e1 100644
--- a/src/backend/partaj/middleware.py
+++ b/src/backend/partaj/middleware.py
@@ -1,4 +1,13 @@
+"""
+Partaj custom middlewares
+"""
+
+
 class HeadersMiddleware:
+    """
+    Middleware adding security headers to responses
+    """
+
     def __init__(self, get_response):
         self.get_response = get_response
 
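Review bot: The class docstring added on `HeadersMiddleware` says "security headers" without naming them or stating that the values are assigned unconditionally, which is exactly what a reader of `settings.py` needs in order to decide where the middleware should sit in `MIDDLEWARE`. Suggest expanding it to `Middleware setting X-Content-Type-Options, X-XSS-Protection and Content-Security-Policy on every response; the values are assigned unconditionally and so take precedence over headers set by views.` `__call__`, which lies outside this hunk, would also benefit from a one-line docstring saying that it wraps the downstream response rather than the request.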