Suggestion: Tips around migrating from Django's SecurityMiddleware and XFrameOptionsMiddleware

[OscarVanL]

Hi!

This package has been intriguing to me as someone that maintains both a Django and Flask application. I like the idea of having a single source-of-truth on our security header configuration across frameworks for maintenance reasons.

One apprehension to switching is this package is a little bit of ambiguity about migrating from an existing Django application with its built-in SecurityMiddleware and XFrameOptionsMiddleware middlewares installed.

I'd love it if the Django README gave some pointers about migrating from these middlewares, perhaps with an example of an equivalent config.

[cak]

Thanks for the feedback, Oscar! I’m not as well-versed in Django development, so this is really useful. I’ll look into the native security middlewares and work on adding more detailed guidance on migrating to secure. I’ll make sure to expand the Django documentation soon.

[OscarVanL]

Thanks! This is mostly a convenience ask, as I worked around this by reading the Django docs to see what headers these middlewares would set and which Django config items influenced them.