#15727: Add support for Content-Security-Policy (CSP) to core
-------------------------------+--------------------------------------
Reporter: db.pub.mail@… | Owner: Tom Forbes
Type: New feature | Status: assigned
Component: HTTP handling | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Comment (by Dylan Young):
One potential snag here is that I don't think Django can currently support
multiple of the same header currently (aside from Set-Cookie), unless
there's some API I'm missing...
Is this something there's interest in adding to core? It looks like the
python native wsgiref supports this as well:
https://docs.python.org/3/library/wsgiref.html?highlight=headers%20multi%20value
#module-wsgiref.headers.
See here:
https://github.com/w3c/webappsec-
csp/issues/215#:~:text=A%20server%20MUST%20NOT%20send,resource%20or%20with%20different%20resources.
I don't think it's critical, but it'd be nice as it's standards compliant
behaviour.
--
Ticket URL: <https://code.djangoproject.com/ticket/15727#comment:29>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/01070180e290d7f5-d3a7dac0-9b20-4b3f-a1fc-2d3a85e2658d-000000%40eu-central-1.amazonses.com.
