summaryrefslogtreecommitdiff
path: root/django/template/context_processors.py
AgeCommit message (Collapse)Author
2026-05-06Fixed #36784 -- Added csp_nonce_attr template tag for CSP nonce inclusion.Natalia
New default tag `{% csp_nonce_attr %}` was added for explicit CSP nonce inclusion into `<script>` and `<link>` elements. `{% csp_nonce_attr %}` renders `nonce="<value>"` when `csp_nonce` is present in the template context, and renders nothing otherwise. `{% csp_nonce_attr media %}` renders a `Media` object's assets with the nonce attr applied to each tag. Thanks Jacob Walls for the accurate and spot on review comments. Co-authored-by: Johannes Maron <johannes@maron.family>
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-06-27Fixed #15727 -- Added Content Security Policy (CSP) support.Rob Hudson
This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2020-07-30Bumped minimum isort version to 5.1.0.David Smith
Fixed inner imports per isort 5. isort 5.0.0 to 5.1.0 was unstable.
2017-04-26Replaced temporary lists used for passing arguments with iterables.Jon Dufresne
2017-02-17Refs #27656 -- Updated django.template/tag docstring verbs according to PEP 257.Anton Samarchyan
2017-01-30Refs #23919 -- Assumed request COOKIES and META are strClaude Paroz
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-09-03Replaced smart_* by force_* calls whenever possibleClaude Paroz
The smart_* version should only be used when a lazy string should keep its lazy status.
2016-04-09Fixed #26145 -- Made debug context processor return queries for all databases.Mounir Messelmeni
2015-11-07Simplified dict initialization in two places.Dmitry Dygalo
2015-08-31Fixed #25331 -- Removed trailing blank lines in docstrings.Maxime Lorant
2015-02-08Simplified the lazy CSRF token implementation in csrf context processor.Alex Gaynor
This significantly improves performance on PyPy. The previous implementation would generate a new class on every single request, which is relatively slow.
2014-12-28Deprecated TEMPLATE_CONTEXT_PROCESSORS.Aymeric Augustin
2014-12-28Moved context_processors from django.core to django.template.Aymeric Augustin