mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-18 18:55:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
33681 commits 29 branches 451 tags 696 MiB
Commit graph

26 commits

Author SHA1 Message Date
Rob Hudson
d63241ebc7 Fixed #15727 -- Added Content Security Policy (CSP) support. 
This initial work adds a pair of settings to configure specific CSP
directives for enforcing or reporting policy violations, a new
`django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the
appropriate headers to responses, and a context processor to support CSP
nonces in templates for safely inlining assets.

Relevant documentation has been added for the 6.0 release notes,
security overview, a new how-to page, and a dedicated reference section.

Thanks to the multiple reviewers for their precise and valuable feedback.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
 2025-06-27 15:57:02 -03:00
Mariusz Felisiak
305757aec1
Applied Black's 2024 stable style. 
https://github.com/psf/black/releases/tag/24.1.0
 2024-01-26 12:45:07 +01:00
Mariusz Felisiak
c7276a9cb9
Refs #34695 -- Added tests for check for CSRF_FAILURE_VIEW signature with valid class-based view. 2023-07-11 10:46:34 +02:00
Mariusz Felisiak
1299bc33e1
Refs #33526 -- Made CSRF_COOKIE_SECURE/SESSION_COOKIE_SECURE/SESSION_COOKIE_HTTPONLY don't pass on truthy values. 2022-02-21 07:54:47 +01:00
Mariusz Felisiak
7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
tschilling
0dcd549bbe Fixed #30360 -- Added support for secret key rotation. 
Thanks Florian Apolloner for the implementation idea.

Co-authored-by: Andreas Pelme <andreas@pelme.se>
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Vuyisile Ndlovu <terrameijar@gmail.com>
 2022-02-01 11:12:24 +01:00
bankc
db5b75f10f Fixed #31840 -- Added support for Cross-Origin Opener Policy header. 
Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
 2021-03-30 19:59:24 +02:00
Hasan Ramezani
ba3fb2e4d0
Refs #32311 -- Fixed CSRF_FAILURE_VIEW system check errors code. 2021-01-12 11:22:13 +01:00
Hasan Ramezani
64331419c8
Fixed #32311 -- Added system check for CSRF_FAILURE_VIEW setting. 2021-01-12 09:44:36 +01:00
Artem Kosenko
b7f500396e Fixed #31757 -- Adjusted system check for SECRET_KEY to warn about autogenerated default keys. 
Thanks Nick Pope, René Fleschenberg, and Carlton Gibson for reviews.
 2020-11-11 12:45:34 +01:00
Adam Johnson
ffde4d5da8
Normalized check framework test pattern. 2020-03-21 20:14:02 +01:00
Nick Pope
406dba04e1 Fixed #29406 -- Added support for Referrer-Policy header. 
Thanks to James Bennett for the initial implementation.
 2019-09-09 13:35:41 +02:00
Adnan Umer
c5075360c5 Fixed #30680 -- Removed obsolete system check for SECURE_BROWSER_XSS_FILTER setting. 2019-08-05 18:44:08 +02:00
Mariusz Felisiak
362813d628
Fixed hanging indentation in various code. 2018-03-16 10:54:34 +01:00
Mariusz Felisiak
83a36ac49a
Removed unnecessary trailing commas and spaces in various code. 2017-12-28 21:07:29 +01:00
Tim Graham
d334f46b7a Refs #26601 -- Removed support for old-style middleware using settings.MIDDLEWARE_CLASSES. 2017-01-17 20:52:04 -05:00
Tim Graham
c27104a9c7 Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no security. 2016-12-19 17:56:58 -05:00
Raphael Michel
33e86b3488 Refs #16859 -- Disabled CSRF_COOKIE_* checks when using CSRF_USE_SESSIONS. 2016-12-17 09:59:48 -05:00
Ed Morley
7399fee6c3 Refs #26947 -- Added a deployment system check for SECURE_HSTS_PRELOAD. 2016-08-10 20:31:01 -04:00
Florian Apolloner
9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005. 
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
 2016-05-17 07:22:22 -04:00
Josh Soref
93452a70e8 Fixed many spelling mistakes in code, comments, and docs. 2015-12-03 12:48:24 -05:00
rroskam
ed514caed2 Fixed #24966 -- Added deployment system check for empty ALLOWED_HOSTS. 2015-07-15 09:18:58 -04:00
Simon Charette
be67400b47 Refs #24652 -- Used SimpleTestCase where appropriate. 2015-05-20 13:46:13 -04:00
Tim Graham
0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Tim Graham
52ef6a4726 Fixed #17101 -- Integrated django-secure and added check --deploy option 
Thanks Carl Meyer for django-secure and for reviewing.

Thanks also to Zach Borboa, Erik Romijn, Collin Anderson, and
Jorge Carleitao for reviews.
 2014-09-12 15:05:23 -04:00