mirror of
https://github.com/django/django.git
synced 2025-10-05 21:09:33 +00:00
This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
The documentation in this tree is in plain text files and can be viewed using any text file viewer. It uses `ReST`_ (reStructuredText), and the `Sphinx`_ documentation system. This allows it to be built into other forms for easier viewing and browsing. To create an HTML version of the docs: * Install Sphinx (using ``python -m pip install Sphinx`` or some other method). * In this docs/ directory, type ``make html`` (or ``make.bat html`` on Windows) at a shell prompt. The documentation in ``_build/html/index.html`` can then be viewed in a web browser. .. _ReST: https://docutils.sourceforge.io/rst.html .. _Sphinx: https://www.sphinx-doc.org/