#15727: out of the box support for CSP would totally rock!
-----------------------------------------+-----------------------------
Reporter: db.pub.mail@… | Owner: nobody
Type: New feature | Status: new
Milestone: | Component: HTTP handling
Version: 1.2 | Severity: Normal
Resolution: | Keywords:
Triage Stage: Someday/Maybe | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 |
-----------------------------------------+-----------------------------
Comment (by lukeplant):
Replying to [comment:5 d1b]:
> a new template tag could be added to transform inline js into js
included and served from a given location(that the CSP policy allows).
Sounds wonderful! Patch welcome :-)
(To explain what may not come over well on Trac: I'm implying that there
are multiple significant problems with this suggestion that would need to
be solved before it was practical. A solution to them isn't necessarily
impossible, but will at least require quite a lot of work. What is written
above is only one step away from saying "A new 'magic wand' feature could
be added to Django that makes the problems with using CSP disappear, and
then it would be sensible to add it". Indeed it would be...).
> I sent an email reply but it was blocked :/
I don't know what you mean by an email reply - all emails sent from Trac
are from the '[email protected]' address.
--
Ticket URL: <http://code.djangoproject.com/ticket/15727#comment:6>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.