mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 22:26:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #15727 -- Added Content Security Policy (CSP) support.

Browse Source 
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.

Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.

Thanks to the multiple reviewers for their precise and valuable feedback.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
This commit is contained in:
Rob Hudson
2025-05-03 10:01:58 -07:00
committed by nessita
parent 3f59711581
commit d63241ebc7
26 changed files with 1192 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/context_processors/views.py
View File

@@ -13,3 +13,7 @@ def debug_processor(request):
"other_debug_objects": DebugObject.objects.using("other"),
}
return render(request, "context_processors/debug.html", context)
def csp_nonce_processor(request):
return render(request, "context_processors/csp_nonce.html")