1
0
mirror of https://github.com/django/django.git synced 2025-10-20 12:19:11 +00:00

4 Commits

Author SHA1 Message Date
Rob Hudson
550822bcee Fixed #36532 -- Added Content Security Policy view decorators to override or disable policies.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-08-28 17:23:48 -03:00
Jacob Walls
d454aefbd1
Refs #15727 -- Captured failed request log in CSPMiddlewareTest. 2025-08-26 17:26:01 -04:00
django-bot
69a93a88ed Refs #36500 -- Rewrapped long docstrings and block comments via a script.
Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505.
2025-07-23 20:17:55 -03:00
Rob Hudson
d63241ebc7 Fixed #15727 -- Added Content Security Policy (CSP) support.
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.

Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.

Thanks to the multiple reviewers for their precise and valuable feedback.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-06-27 15:57:02 -03:00