Skip to main content
Python Software Foundation 20th Year Anniversary Fundraiser  Donate today!

Django Content Security Policy support.

Project description


A simple Middleware for adding CSP headers and nonces in Django


Requires Django >=1.10

Add it to the INSTALLED_APPS settings variable:





TODO: remove hash from the name of tag?

Example use of hashed inline style:

{% load csp %}
{% csp_css_hash %} {
        background-color: red;
{% end_csp_css_hash %}

usage inside of style=”…” attributes is not supported by chromium for now.



TODO: Change to hashes?


{% load csp %}
<script nonce={% csp_js_nonce %}>

Config Values

CSP_REPORT_URL = “” The URl CSP errors should be reportet to, set to “” if not used, or do not define it.

CSP_REPORT_ONLY = True Set the header to just report CSP errors do not enforce the CSP. Defaults to True.

CSP_ADDITIONAL_SCRIPT_SRC = [] List of additional hosts javascript is allowed to be loaded from

CSP_ADDITIONAL_STYLE_SRC = [] List of additional hosts CSS is allowed to be loaded from

CSP_ADDITIONAL_IMG_SRC = [] List of additional hosts images is allowed to be loaded from

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for django-simple-csp, version 0.2.dev1
Filename, size File type Python version Upload date Hashes
Filename, size django_simple_csp-0.2.dev1-py3-none-any.whl (9.5 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size django-simple-csp-0.2.dev1.tar.gz (3.5 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page