| Age | Commit message | Author |
|
The CSP report test relied on the debug view having a CSP error,
which has been fixed in 3e4e0db. This commit added a custom
view to reintroduce the same error to verify the reporting
behavior.
Follow-up to 3e4e0db66961a48a080ff3ff91f6c0d954261366.
|
Thanks Thibaud Colas for the review.
|
disable policies.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505.
|
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.
Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.
Thanks to the multiple reviewers for their precise and valuable feedback.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|