Opened 2 months ago
Closed 4 weeks ago
#36532 closed New feature (fixed)
Add Content Security Policy (CSP) view decorators
| Reported by: | Rob Hudson | Owned by: | Rob Hudson |
|---|---|---|---|
| Component: | HTTP handling | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
View decorators allow users to customize their CSP headers per-view. Allowing to override the base CSP settings and disable the headers should support most use cases.
Change History (6)
comment:1 by , 2 months ago
| Has patch: | set |
|---|
comment:2 by , 2 months ago
| Triage Stage: | Unreviewed → Accepted |
|---|
Thank you! This is consistent with what we discussed in the CSP original work, to allow splitting the feature in manageable chunks.
comment:3 by , 8 weeks ago
| Patch needs improvement: | set |
|---|
comment:4 by , 5 weeks ago
| Patch needs improvement: | unset |
|---|
Updated to separate the decorators as requested in the PR review.
comment:5 by , 4 weeks ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Note:
See TracTickets
for help on using tickets.
Pull request: https://github.com/django/django/pull/19680