mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #15727 -- Added Content Security Policy (CSP) support.

Browse Source 
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.

Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.

Thanks to the multiple reviewers for their precise and valuable feedback.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
This commit is contained in:
Rob Hudson
2025-05-03 10:01:58 -07:00
committed by nessita
parent 3f59711581
commit d63241ebc7
26 changed files with 1192 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/context_processors/urls.py
View File

@@ -5,4 +5,5 @@ from . import views
urlpatterns = [
path("request_attrs/", views.request_processor),
path("debug/", views.debug_processor),
path("csp_nonce/", views.csp_nonce_processor),
]