| Age | Commit message (Collapse) | Author |
|
The CSP report test relied on the debug view having a CSP error,
which has been fixed in 3e4e0db. This commit added a custom
view to reintroduce the same error to verify the reporting
behavior.
Follow-up to 3e4e0db66961a48a080ff3ff91f6c0d954261366.
|
|
disable policies.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.
Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.
Thanks to the multiple reviewers for their precise and valuable feedback.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
|
|
- Fixed bug in get_callable() that caused resolve() to put a string
in ResolverMatch.func.
- Made ResolverMatch.url_name match the actual url name (or None).
- Updated tests that used the string value in ResolverMatch.func, and
added regression tests for this bug.
- Corrected test urls whose dummy view paths caused failures (behavior
that was previously masked by this bug).
|