From f7354c02bac2e7032b8c48733697b82b86907b11 Mon Sep 17 00:00:00 2001
From: Jelle van der Waa <jelle@archlinux.org>
Date: Sun, 10 May 2026 19:55:52 +0200
Subject: [PATCH 1/2] settings: drop long deprecated AUTH_PROFILE_MODULE

This was deprecated in Django 1.5 and removed in 1.7.
---
 settings.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/settings.py b/settings.py
index b3b6c5d3..055ccd99 100644
--- a/settings.py
+++ b/settings.py
@@ -45,9 +45,6 @@
 LOGIN_URL = '/login/'
 LOGIN_REDIRECT_URL = '/'
 
-# Set django's User stuff to use our profile model
-AUTH_PROFILE_MODULE = 'devel.UserProfile'
-
 MIDDLEWARE = (
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',

From 44232debe68bfc53e059ab0cf485ec505dea484d Mon Sep 17 00:00:00 2001
From: Jelle van der Waa <jelle@archlinux.org>
Date: Sun, 10 May 2026 19:58:32 +0200
Subject: [PATCH 2/2] settings: Remove SECURE_BROWSER_XSS_FILTER

This option was removed in Django 4.0.
---
 settings.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/settings.py b/settings.py
index 055ccd99..d3ae2f9e 100644
--- a/settings.py
+++ b/settings.py
@@ -94,9 +94,6 @@
 # X-Content-Type-Options, stops browsers from trying to MIME-sniff the content type
 SECURE_CONTENT_TYPE_NOSNIFF = True
 
-# X-XSS-Protection, enables cross-site scripting filter in most browsers
-SECURE_BROWSER_XSS_FILTER = True
-
 # CSP Settings
 CSP_DEFAULT_SRC = ("'self'",)
 CSP_SCRIPT_SRC = ("'self'",)