#15727: Add support for Content-Security-Policy (CSP) to core
-------------------------------------+-------------------------------------
Reporter: db.pub.mail@… | Owner: Rob
| Hudson
Type: New feature | Status: closed
Component: HTTP handling | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by nessita <124304+nessita@…>):
* resolution: => fixed
* status: assigned => closed
Comment:
In [changeset:"d63241ebc7067fdebbaf704989b34fcd8f26bbe9" d63241e]:
{{{#!CommitTicketReference repository=""
revision="d63241ebc7067fdebbaf704989b34fcd8f26bbe9"
Fixed #15727 -- Added Content Security Policy (CSP) support.
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.
Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.
Thanks to the multiple reviewers for their precise and valuable feedback.
Co-authored-by: Natalia <[email protected]>
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/15727#comment:51>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/01070197b2c023fa-28beda97-e59e-4967-b9c1-c9b0617a8af0-000000%40eu-central-1.amazonses.com.
