Drop django-debreach due to the breach attach mitigation added in dja…

…ngo 4.2 https://docs.djangoproject.com/en/5.0/ref/middleware/\#django.middleware.gzip.GZipMiddleware
vintasoftware · May 27, 2024 · 46c7949 · 46c7949
1 parent 7034cf7
commit 46c7949
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 3 deletions.
diff --git a/README.md b/README.md
@@ -60,7 +60,6 @@ Also, includes a Render.com `render.yaml` and a working Django `production.py` s
 -   `sentry-sdk` for error monitoring
 -   `python-decouple` for reading environment variables on settings files
 -   `celery` for background worker tasks
--   `django-debreach` for additional protection against BREACH attack
 -   `django-csp` for setting the draft security HTTP header Content-Security-Policy
 -   `django-permissions-policy` for setting the draft security HTTP header Permissions-Policy
 -   `django-defender` for blocking brute force attacks against login

diff --git a/backend/project_name/settings/base.py b/backend/project_name/settings/base.py
@@ -44,7 +44,7 @@ def base_dir_join(*args):
 ]
 
 MIDDLEWARE = [
-    "debreach.middleware.RandomCommentMiddleware",
+    "django.middleware.gzip.GZipMiddleware",
     "django.middleware.security.SecurityMiddleware",
     "django_permissions_policy.PermissionsPolicyMiddleware",
     "whitenoise.middleware.WhiteNoiseMiddleware",

diff --git a/pyproject.toml b/pyproject.toml
@@ -16,7 +16,6 @@ django-webpack-loader = "^3.1.0"
 django-js-reverse = "^0.10.2"
 django-import-export = "^3.3.5"
 djangorestframework = "^3.14.0"
-django-debreach = "^2.1.0"
 python-decouple = "^3.8"
 psycopg = "^3.1.19"
 brotlipy = "^0.7.0"