Enhancement: provide security middleware

[sobolevn]

Summary

Django has a middleware that should always be used: https://docs.djangoproject.com/en/3.0/ref/middleware/#module-django.middleware.security

I think that Litestar should also have it out of the box.

What it does? It provide security-related headers for the responses.

• X-Content-Type-Options: nosniff
• Secure SSL settings: https://docs.djangoproject.com/en/3.0/ref/middleware/#http-strict-transport-security
• Referrer-Policy: no-referrer header (also supports other values: https://docs.djangoproject.com/en/3.0/ref/middleware/#referrer-policy)

There are also 3rd party django libs that also work in the same field:

• https://github.com/adamchainz/django-permissions-policy which sets Permissions-Policy header

Maybe something else that I forgot about?

All things should be customizable and work the regular way Litestar middleware works.

If others agree, I can work on this :)

Basic Example

No response

Drawbacks and Impact

No response

Unresolved questions

No response

---

Note

While we are open for sponsoring on GitHub Sponsors and
OpenCollective, we also utilize Polar.sh to engage in pledge-based sponsorship.

Check out all issues funded or available for funding on our Polar.sh dashboard

• If you would like to see an issue prioritized, make a pledge towards it!
• We receive the pledge once the issue is completed & verified
• This, along with engagement in the community, helps us know which features are a priority to our users.