Bird
0
0

You added this line in your Django middleware but the CSP header is not appearing in responses:

medium📝 Debug Q6 of 15
Django - Security Best Practices
You added this line in your Django middleware but the CSP header is not appearing in responses:
request['Content-Security-Policy'] = "default-src 'self'"

What is the error?
AThe header name is misspelled
BHeaders must be set on the response object, not request
CThe CSP value syntax is invalid
DMiddleware must return request, not response
Step-by-Step Solution
Solution:

  1. Step 1: Identify where headers belong

    HTTP headers are part of the response, so they must be set on the response object.

  2. Step 2: Recognize the mistake in code

    Setting header on request object does nothing for response headers.

  3. Final Answer:

    Headers must be set on the response object, not request -> Option B

  4. Quick Check:

    Set headers on response, not request [OK]
Quick Trick: Set CSP header on response, not request [OK]
Common Mistakes:
MISTAKES
  • Setting headers on request object
  • Misspelling header names
  • Returning request instead of response

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Django Quizzes
Async Django - Async views basics - Quiz 12easy Async Django - Async views basics - Quiz 4medium DRF Advanced Features - Throttling for rate limiting - Quiz 9hard Deployment and Production - WhiteNoise for static files - Quiz 11easy Django REST Framework Basics - Serializers for data conversion - Quiz 13medium Django REST Framework Basics - Browsable API interface - Quiz 9hard Security Best Practices - HTTPS and secure cookies - Quiz 8hard Signals - Custom signals - Quiz 4medium Signals - Why signals enable decoupled communication - Quiz 12easy Testing Django Applications - Testing views with Client - Quiz 2easy