[Django] #36532: Add Content Security Policy (CSP) view decorators
11 views
Skip to first unread message
Django
Jul 30, 2025, 1:17:43 PM7/30/25
to django-...@googlegroups.com
#36532: Add Content Security Policy (CSP) view decorators
-----------------------------------------+----------------------------
Reporter: Rob Hudson | Owner: Rob Hudson
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+----------------------------
View decorators allow users to customize their CSP headers per-view.
Allowing to override the base CSP settings and disable the headers should
support most use cases.
--
Ticket URL: <https://code.djangoproject.com/ticket/36532>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
-----------------------------------------+----------------------------
Reporter: Rob Hudson | Owner: Rob Hudson
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+----------------------------
View decorators allow users to customize their CSP headers per-view.
Allowing to override the base CSP settings and disable the headers should
support most use cases.
--
Ticket URL: <https://code.djangoproject.com/ticket/36532>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Jul 30, 2025, 1:19:22 PM7/30/25
to django-...@googlegroups.com
#36532: Add Content Security Policy (CSP) view decorators
-------------------------------+--------------------------------------
Reporter: Rob Hudson | Owner: Rob Hudson
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Easy pickings: 0 | UI/UX: 0
Changes (by Rob Hudson):
* has_patch: 0 => 1
Comment:
Pull request: https://github.com/django/django/pull/19680
--
Ticket URL: <https://code.djangoproject.com/ticket/36532#comment:1>
Django
Jul 30, 2025, 2:13:08 PM7/30/25
to django-...@googlegroups.com
#36532: Add Content Security Policy (CSP) view decorators
-------------------------------+--------------------------------------
Reporter: Rob Hudson | Owner: Rob Hudson
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
-------------------------------+--------------------------------------
Reporter: Rob Hudson | Owner: Rob Hudson
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by Natalia Bidart):
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
* stage: Unreviewed => Accepted
Comment:
Thank you! This is consistent with what we discussed in the CSP original
work, to allow splitting the feature in manageable chunks.
--
Ticket URL: <https://code.djangoproject.com/ticket/36532#comment:2>
Django
Jul 31, 2025, 2:04:04 PM7/31/25
to django-...@googlegroups.com
#36532: Add Content Security Policy (CSP) view decorators
-------------------------------+--------------------------------------
Reporter: Rob Hudson | Owner: Rob Hudson
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
-------------------------------+--------------------------------------
Reporter: Rob Hudson | Owner: Rob Hudson
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by Natalia Bidart):
* needs_better_patch: 0 => 1
-------------------------------+--------------------------------------
Changes (by Natalia Bidart):
--
Ticket URL: <https://code.djangoproject.com/ticket/36532#comment:3>
Django
Aug 23, 2025, 3:35:40 PM8/23/25
to django-...@googlegroups.com
#36532: Add Content Security Policy (CSP) view decorators
-------------------------------+--------------------------------------
Reporter: Rob Hudson | Owner: Rob Hudson
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
-------------------------------+--------------------------------------
Reporter: Rob Hudson | Owner: Rob Hudson
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by Rob Hudson):
-------------------------------+--------------------------------------
* needs_better_patch: 1 => 0
Comment:
Updated to separate the decorators as requested in the PR review.
--
Ticket URL: <https://code.djangoproject.com/ticket/36532#comment:4>
Django
Aug 28, 2025, 3:09:53 PM8/28/25
to django-...@googlegroups.com
#36532: Add Content Security Policy (CSP) view decorators
-------------------------------------+-------------------------------------
Reporter: Rob Hudson | Owner: Rob
| Hudson
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
| Hudson
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Natalia Bidart):
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/36532#comment:5>
Django
Aug 28, 2025, 4:24:00 PM8/28/25
to django-...@googlegroups.com
#36532: Add Content Security Policy (CSP) view decorators
-------------------------------------+-------------------------------------
Reporter: Rob Hudson | Owner: Rob
| Hudson
Type: New feature | Status: closed
-------------------------------------+-------------------------------------
Reporter: Rob Hudson | Owner: Rob
| Hudson
Component: HTTP handling | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by nessita <124304+nessita@…>):
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* resolution: => fixed
* status: assigned => closed
Comment:
In [changeset:"550822bceea227b07445d1852c4376b663c09ea4" 550822bc]:
{{{#!CommitTicketReference repository=""
revision="550822bceea227b07445d1852c4376b663c09ea4"
Fixed #36532 -- Added Content Security Policy view decorators to override
or disable policies.
Co-authored-by: Natalia <124304+...@users.noreply.github.com>
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/36532#comment:6>
Reply all
Reply to author
Forward
0 new messages