mirror of
https://github.com/django/django.git
synced 2025-07-08 22:05:15 +00:00
d63241ebc7
This initial work adds a pair of settings to configure specific CSP directives for enforcing or reporting policy violations, a new `django.middleware.csp.ContentSecurityPolicyMiddleware` to apply the appropriate headers to responses, and a context processor to support CSP nonces in templates for safely inlining assets. Relevant documentation has been added for the 6.0 release notes, security overview, a new how-to page, and a dedicated reference section. Thanks to the multiple reviewers for their precise and valuable feedback. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
21 lines
719 B
Python
21 lines
719 B
Python
from django.urls import path, re_path
|
|
from django.views.debug import default_urlconf
|
|
|
|
from . import views
|
|
|
|
urlpatterns = [
|
|
path("noslash", views.empty_view),
|
|
path("slash/", views.empty_view),
|
|
path("needsquoting#/", views.empty_view),
|
|
# Accepts paths with two leading slashes.
|
|
re_path(r"^(.+)/security/$", views.empty_view),
|
|
# Should not append slash.
|
|
path("sensitive_fbv/", views.sensitive_fbv),
|
|
path("sensitive_cbv/", views.SensitiveCBV.as_view()),
|
|
# Used in CSP tests.
|
|
path("csp-failure/", default_urlconf),
|
|
path("csp-report/", views.csp_report_view),
|
|
path("csp-base/", views.empty_view),
|
|
path("csp-nonce/", views.csp_nonce),
|
|
path("csp-500/", views.csp_500),
|
|
]
|