Django Content Security Policy support.
Project description
django-simple-csp
A simple Middleware for adding CSP headers and nonces in Django
Usage
Requires Django >=1.10
Add it to MIDDLEWARE, not MIDDLEWARE_CLASSES. TODO: describe in more detail
CSS
TODO: remove hash from the name of tag?
Example use of hashed inline style:
{% load csp %}
{% csp_css_hash %}
td.style-class { background-color: red; }
{% end_csp_css_hash %}
Usage inside of style="…" attributes is not supported by Chromium for now.
Javascript
Nonces
TODO: Change to hashes?
Example:
{% load csp %}
<script nonce={% csp_js_nonce %}>
alert("bla")
</script>
Config Values
CSP_REPORT_URL = "": The URL CSP errors should be reported to. Set it to "" if not used, or do not define it.
CSP_REPORT_ONLY = True: Set the header to only report CSP errors and not enforce the CSP. Defaults to True.
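What the header behind the tags and settings above has to contain under the CSP specification, as an added example. It is not django-simple-csp's own code; the function names, the `default-src 'self'` baseline and the `/csp-report/` path are assumptions.

```python
import base64
import hashlib
import secrets


def csp_hash_source(inline_text: str) -> str:
    """Return the CSP hash-source for the exact text inside a <style> element."""
    digest = hashlib.sha256(inline_text.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def new_nonce() -> str:
    """Fresh, unpredictable nonce; it must be regenerated for every response."""
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")


def build_csp_header(style_hashes, script_nonce, report_url="", report_only=True):
    """Return (header_name, header_value) for one response.

    report_url / report_only mirror CSP_REPORT_URL / CSP_REPORT_ONLY above;
    the "default-src 'self'" baseline is an assumption of this example.
    """
    directives = [
        "default-src 'self'",
        " ".join(["style-src", "'self'", *style_hashes]),
        f"script-src 'self' 'nonce-{script_nonce}'",
    ]
    if report_url:  # "" means no reporting endpoint is configured
        directives.append(f"report-uri {report_url}")
    name = ("Content-Security-Policy-Report-Only" if report_only
            else "Content-Security-Policy")
    return name, "; ".join(directives)


if __name__ == "__main__":
    # Constructed sample: the browser hashes the element's text byte for byte,
    # so whitespace around the rule is part of the hash input.
    css = "\ntd.style-class { background-color: red; }\n"
    nonce = new_nonce()
    name, value = build_csp_header([csp_hash_source(css)], nonce,
                                   report_url="/csp-report/", report_only=True)
    print(f"{name}: {value}")
    print(f'<script nonce="{nonce}">...</script>')
```

With `report_only=True`, matching the documented default of CSP_REPORT_ONLY, the browser reports violations but blocks nothing.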
Hashes for django-simple-csp-0.1.dev1.tar.gz
Algorithm | Hash digest |
---|---|
SHA256 | 425c71d47b79f75294807b00f029a49aac8af8404b534c4f5e79f2a8a7840b1a |
MD5 | 95d05dc1910dadc242040187f0022134 |
BLAKE2b-256 | 0a24068c3ab9c0bcaded037d081d4db226bd7729b0f2b160e457fd79c6ac339f |
Hashes for django_simple_csp-0.1.dev1-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | 8d7a8af39fac8f2989ac6a7dc7b2d01401e4cb54845eb516bf0fa3843aaaa7ee |
MD5 | 026f99ea83b98411b72655e0ae7fd087 |
BLAKE2b-256 | ccc8586a0a5cd654cfd7011dd876cd23178aba38fccfb7146659e42c2e1104dc |