author: Rob Hudson <rob@cogit8.org> 2025-05-03 10:01:58 -0700
committer: nessita <124304+nessita@users.noreply.github.com> 2025-06-27 15:57:02 -0300
commit: d63241ebc7067fdebbaf704989b34fcd8f26bbe9 (patch)
tree: 07b5a5cb0c70c446f5f0fb9ad2834501fc3d6544 /tests/context_processors/templates
parent: 3f59711581bd22ebd0f13fb040b15b69c0eee21f (diff)

Fixed #15727 -- Added Content Security Policy (CSP) support.

This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets.

Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section.

Thanks to the multiple reviewers for their precise and valuable feedback.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>

Diffstat (limited to 'tests/context_processors/templates')
-rw-r--r-- tests/context_processors/templates/context_processors/csp_nonce.html 17
1 files changed, 17 insertions, 0 deletions
diff --git a/tests/context_processors/templates/context_processors/csp_nonce.html b/tests/context_processors/templates/context_processors/csp_nonce.html
new file mode 100644
index 0000000000..13612e3840
--- /dev/null
+++ b/tests/context_processors/templates/context_processors/csp_nonce.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8">
+ <title>CSP Nonce Test</title>
+</head>
+<body>
+ <h1>CSP Nonce Test</h1>
+ <p>CSP Nonce is present: {{ csp_nonce }}</p>
+ <script nonce="{{ csp_nonce }}">
+ console.log("This script is allowed to run due to the nonce.");
+ </script>
+ <script>
+ console.log("This script might be blocked by CSP if a nonce is required.");
+ </script>
+</body>
+</html>
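
Review bot: The `<p>CSP Nonce is present: {{ csp_nonce }}</p>` line renders the nonce into visible body text, outside any `nonce` attribute. Since this is a test fixture, that is presumably there so a test can assert on the rendered value; a short template comment saying so would stop it being read as a usage pattern, because a nonce is meant to appear only in the `nonce` attribute of the tags it authorizes. Separately, the comment in the second `<script>` says it "might be blocked", which leaves the expected outcome undefined from the template alone; wording it as a deliberately un-nonced control case would make the fixture's intent clear.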