mozilla/django-csp issues and pull requests

#247 - Footgun when accessing nonce value in a middleware

Issue - State: open - Opened by alynn-coefficient 23 days ago - 8 comments

#246 - Modal that loads new view/template into another view/template doesn't respect the CSP; Fails to run scripts.

Issue - State: closed - Opened by ChefCodev about 1 month ago - 1 comment

#245 - Add Python 3.13, drop EOL Python 3.8

Pull Request - State: closed - Opened by robhudson about 1 month ago

#244 - Prepare for 4.0b2 release

Pull Request - State: closed - Opened by robhudson 2 months ago

#243 - Add Django 5.1 to the test matrix

Pull Request - State: closed - Opened by robhudson 2 months ago

#242 - Fix #230: Make REPORT_PERCENTAGE a float

Pull Request - State: closed - Opened by robhudson 2 months ago

#241 - Documentation incorrectly shows EXCLUDE_URL_PREFIXES as a list of strings instead of a tuple of strings

Issue - State: closed - Opened by wnicolaas 2 months ago - 4 comments

#240 - reportMissingImports

Issue - State: closed - Opened by omidshojaee 3 months ago - 3 comments

#239 - Fix a couple docs examples

Pull Request - State: closed - Opened by robhudson 4 months ago

#238 - Docs: Fix typos in configuration.rst and decorators.rst

Pull Request - State: closed - Opened by jcari-dev 4 months ago

#237 - refactor(middleware): Refactor internals of CSPMiddleware so that it's easier to extend existing logic without copy/pasting it into subclass

Pull Request - State: closed - Opened by crbunney 4 months ago - 2 comments

#236 - Fix #231: report percentage of 100% should always report

Pull Request - State: closed - Opened by robhudson 4 months ago

#235 - Add support for reporting endpoints headers

Issue - State: open - Opened by robhudson 4 months ago

#234 - Expand the ruff config to include import sorting and others.

Pull Request - State: closed - Opened by robhudson 5 months ago

#233 - Add missing report-only from csp replace example

Pull Request - State: closed - Opened by jamesbeith 5 months ago

#232 - docs: Add that `REPORT_PERCENTAGE` requires the rate-limiting middleware in the configuration docs

Issue - State: open - Opened by robhudson 5 months ago

#231 - When REPORT_PERCENTAGE is set to 100%, the `report-uri` directive is not always included in the CSP header

Issue - State: closed - Opened by robhudson 5 months ago - 2 comments

#230 - [Beta] Report percentage cannot be smaller than 1%

Issue - State: closed - Opened by janbrasna 5 months ago - 2 comments

#229 - docs: Differentiate between "None" and `NONE` in directives

Issue - State: open - Opened by janbrasna 5 months ago

#228 - Add type hints, fix mypy issues (#198)

Pull Request - State: closed - Opened by jwhitlock 5 months ago - 3 comments

#227 - Update tox.ini for Django 3.2, pypy, github actions

Pull Request - State: closed - Opened by jwhitlock 5 months ago - 1 comment

#226 - Use simple logical operator in middleware

Pull Request - State: closed - Opened by sevdog 5 months ago - 2 comments

#225 - Prep for 4.0b1 release

Pull Request - State: closed - Opened by robhudson 5 months ago

#224 - Fix `report_only` to `REPORT_ONLY` in decorator docs

Pull Request - State: closed - Opened by robhudson 5 months ago - 1 comment

#223 - Move to NONCE sentinel instead of 'include-nonce-in'

Pull Request - State: closed - Opened by robhudson 5 months ago

#222 - Add constants for CSP keywords

Pull Request - State: closed - Opened by robhudson 5 months ago

#221 - Change import path to `django_csp` - breaking change

Issue - State: closed - Opened by robhudson 6 months ago - 1 comment

#220 - Remove MPL header

Pull Request - State: closed - Opened by robhudson 6 months ago

#219 - Restructure CSP Configuration with Streamlined Settings (backwards incompatible)

Pull Request - State: closed - Opened by robhudson 7 months ago - 1 comment

#218 - Update pre-commit, add pyproject-fmt, run on all files

Pull Request - State: closed - Opened by robhudson 7 months ago

#217 - Prepare for 3.8 final release

Pull Request - State: closed - Opened by stevejalim 9 months ago

#216 - Tomlify setup.py

Pull Request - State: closed - Opened by hmpf 9 months ago - 2 comments

#215 - Prepare for 3.8rc release

Pull Request - State: closed - Opened by stevejalim 10 months ago - 2 comments

#214 - Update GH actions helpers to use Node 20-based versions

Pull Request - State: closed - Opened by stevejalim 10 months ago

#213 - Bring codebase up to modern Python using pyupgrade

Pull Request - State: closed - Opened by stevejalim 10 months ago - 1 comment

#212 - Create csp.extensions.NoncedStyle extension

Issue - State: open - Opened by GergelyKalmar 10 months ago - 3 comments
Labels: feature, help-wanted

#211 - MiddlewareMixin is always present in django>=3.2

Pull Request - State: closed - Opened by asottile-sentry 10 months ago - 2 comments

#210 - Update settings documentation to move deprecated-within-csp settings to their own section, at the bottom

Pull Request - State: closed - Opened by stevejalim 10 months ago

#209 - Move project to pyproject.toml

Issue - State: closed - Opened by stevejalim 10 months ago - 1 comment
Labels: help-wanted

#208 - Improve themeing in RTD

Pull Request - State: closed - Opened by stevejalim 10 months ago

#207 - Add Sphinx RTD theme

Pull Request - State: closed - Opened by stevejalim 10 months ago

#206 - Ensure docs building has access to django_csp itself

Pull Request - State: closed - Opened by stevejalim 10 months ago

#205 - Add readthedocs config and slightly update Sphinx config

Pull Request - State: closed - Opened by stevejalim 10 months ago

#204 - Reawaken development

Pull Request - State: closed - Opened by stevejalim 10 months ago - 1 comment

#203 - Support different sets of rules for paths like /admin

Issue - State: open - Opened by robvdl 10 months ago - 8 comments
Labels: feature

#202 - Add support for csp_clear decorator.

Pull Request - State: closed - Opened by tim-schilling 11 months ago - 1 comment

#201 - Support clearing/unsetting directives via decorator

Issue - State: open - Opened by tim-schilling 11 months ago - 7 comments

#200 - Wrap the test install with quotes.

Pull Request - State: closed - Opened by tim-schilling 11 months ago

#199 - Remove package six

Pull Request - State: closed - Opened by wongcht about 1 year ago - 1 comment

#198 - interested in adding typing (mypy) support?

Issue - State: closed - Opened by asottile-sentry over 1 year ago - 4 comments

#197 - Deprecated Features

Issue - State: open - Opened by some1ataplace over 1 year ago - 5 comments
Labels: Release: 3.8

#195 - adjust docs for recent (3.2+) django settings

Pull Request - State: closed - Opened by alee almost 2 years ago

#194 - Documentation for context processor

Issue - State: closed - Opened by sagejason almost 2 years ago - 5 comments

#193 - Remove outdated docs reference to MIDDLEWARE_CLASSES

Pull Request - State: closed - Opened by mlazar-endear almost 2 years ago - 1 comment

#192 - Allow direct editing of build policy output

Issue - State: open - Opened by dgabrahams almost 2 years ago - 1 comment

#191 - Don't include nonces in default-src when CSP_INCLUDE_NONCE_IN is unset / an empty list

Issue - State: closed - Opened by juspence almost 2 years ago - 3 comments

#190 - Backwards compatible method of adding 'strict-dynamic' as suffix

Issue - State: closed - Opened by dgabrahams almost 2 years ago - 1 comment

#189 - WIP: updates for latest Django and Python

Pull Request - State: closed - Opened by stevejalim about 2 years ago

#188 - Building the wheel doesn't work

Issue - State: closed - Opened by papoteur-mga about 2 years ago - 4 comments

#187 - Unrecognized Content Security Policy directive 'worker-src' in Safari Browser

Issue - State: closed - Opened by sandeepks230 about 2 years ago - 2 comments

#186 - State of project

Issue - State: closed - Opened by benzkji over 2 years ago - 9 comments

#185 - GH-182 Update docs to clarify when nonce will not be added to headers

Pull Request - State: closed - Opened by DylanYoung over 2 years ago - 1 comment

#184 - New release?

Issue - State: closed - Opened by bobwhitelock over 2 years ago - 11 comments

#183 - updating csp_replace decorator doc

Pull Request - State: closed - Opened by chestnutcone almost 3 years ago - 1 comment

#182 - `CSP_INCLUDE_NONCE_IN` not working?

Issue - State: closed - Opened by javulticat almost 3 years ago - 4 comments

#181 - Modify CSP based on database?

Issue - State: closed - Opened by CodeMonk about 3 years ago - 1 comment

#180 - docs: add note about nonce value visibility

Pull Request - State: closed - Opened by g-k about 3 years ago

#179 - GH 36

Pull Request - State: closed - Opened by g-k over 3 years ago - 1 comment

#178 - fix unwrap script re

Pull Request - State: closed - Opened by g-k over 3 years ago

#177 - Update CI badge to CircleCI

Pull Request - State: closed - Opened by g-k over 3 years ago

#176 - rename default branch

Pull Request - State: closed - Opened by g-k over 3 years ago

#175 - Drop old Django and Python versions

Pull Request - State: closed - Opened by g-k over 3 years ago - 2 comments
Labels: breaking-change

#174 - Update CI badge to CircleCI

Pull Request - State: closed - Opened by g-k over 3 years ago

#173 - broken admin filters

Issue - State: closed - Opened by rmmineiro over 3 years ago - 3 comments

#172 - Update test configuration to cover up to Py3.9 and Django 3.2

Pull Request - State: closed - Opened by mkoistinen over 3 years ago

#171 - add project_urls to setup.py

Pull Request - State: closed - Opened by pawl over 3 years ago - 1 comment

#170 - Decorators depending on request method types

Pull Request - State: closed - Opened by erdimeola over 3 years ago - 1 comment

#169 - Decorators depending on request method types

Issue - State: open - Opened by erdimeola over 3 years ago - 3 comments
Labels: feature

#168 - Documentation needs to be updated to mention INSTALLED_APPS

Issue - State: closed - Opened by Flimm over 3 years ago - 4 comments

#167 - nonce, request.csp_nonce and {% script %} all fail to render a nonce

Issue - State: closed - Opened by Flimm over 3 years ago - 8 comments

#166 - Drop old Django and Python versions

Pull Request - State: closed - Opened by adamchainz over 3 years ago - 3 comments

#165 - Fix 164 migrate ci

Pull Request - State: closed - Opened by g-k almost 4 years ago

#164 - Travis CI free usage ends Dec 3; mozilla repos should switch to other CI platforms

Issue - State: closed - Opened by hwine almost 4 years ago

#163 - Update installation.rst

Pull Request - State: closed - Opened by Jesus805 about 4 years ago

#162 - Middleware order

Issue - State: closed - Opened by Jesus805 about 4 years ago - 1 comment

#161 - Fix unwrap_script regex

Pull Request - State: closed - Opened by dannyrohde about 4 years ago - 2 comments

#160 - Added support and documentation for Trusted Types

Pull Request - State: closed - Opened by meggles711 over 4 years ago - 6 comments

#159 - Vulnerability How To Trick CSP

Issue - State: closed - Opened by 9mido over 4 years ago - 1 comment

#158 - Added support for trusted types #157

Pull Request - State: closed - Opened by dhvcc over 4 years ago - 1 comment

#157 - Adding Support for Trusted Types

Issue - State: closed - Opened by meggles711 over 4 years ago - 2 comments

#156 - Add an example of a "strict" security policy to the configuration docs

Issue - State: open - Opened by meggles711 over 4 years ago - 6 comments
Labels: good first issue

#155 - Fix RegEx to unwrap scripts in utils.py

Pull Request - State: closed - Opened by dannyrohde over 4 years ago - 4 comments

#154 - Remove deprecation warning for child-src

Pull Request - State: closed - Opened by rik over 4 years ago - 1 comment

#153 - Maintaining config from Django Admin

Issue - State: closed - Opened by jbothma over 4 years ago - 2 comments

#152 - use 128 bits base64 encoded for nonce per spec Fixes #148

Pull Request - State: closed - Opened by graingert over 4 years ago

GitHub / mozilla/django-csp issues and pull requests