#33180: Debug 500 HTML broken with strict Content-Security-Policy (CSP)
--------------------------------------+------------------------------------
     Reporter:  Adam Johnson          |                    Owner:  Jordan
         Type:  Cleanup/optimization  |                   Status:  closed
    Component:  Error reporting       |                  Version:  dev
     Severity:  Normal                |               Resolution:  fixed
     Keywords:  CSP                   |             Triage Stage:  Accepted
    Has patch:  0                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  0                     |                    UI/UX:  0
--------------------------------------+------------------------------------
Changes (by Natalia Bidart):

 * cc: Collin Anderson (added)
 * keywords:   => CSP
 * resolution:   => fixed
 * status:  assigned => closed

Comment:

 Thank you Rob! I can confirm that in the current `main` branch, the debug
 500 view no longer triggers CSP violations when using strict policies.

 Given this, I think we can consider the original report fixed. Moving
 CSS/JS to dedicated files would introduce its own risks (for example,
 chained failures if static file handling is the source of the error).
 Since Django already allows projects to override the 500 view, it seems
 best to leave the debug view as-is.

 If there's a strong desire to explore isolated assets for the debug pages,
 that feels like a separate feature request rather than part of this bug
 report with the recent CSP features that Django merged into core.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/33180#comment:12>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
