Comments (5)
It could be nice to mark them too in this documentation, would you like to submit a PR?
from django-csp.
@robhudson Before I go and make the changes slated for 3.8, would you mind seeing if you agree here?
from django-csp.
Looking at the MDN pages vs our latest/3.7 documentation, I see the following directives are deprecated and/or need some sorting out.
Rule | Docs | Note | Drop or keep? | Target release |
---|---|---|---|---|
CSP_BLOCK_ALL_MIXED_CONTENT | MDN docs | Warning: This directive is marked as obsolete in the specification: all mixed content is now blocked if it can't be autoupgraded. | Deprecate in 3.8 docs; remove in 3.10/4.0 | 3.8, 3.10/4.0 |
CSP_PLUGIN_TYPES | MDN docs | This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future. | Keep and add note to django-csp documentation | 3.8 |
CSP_PREFETCH_SRC | MDN docs | As above | As above | 3.8 |
CSP_REPORT_URI | MDN docs | Warning: Though the report-to directive is intended to replace the deprecated report-uri directive, report-to isn't supported in most browsers yet. So for compatibility with current browsers while also adding forward compatibility when browsers get report-to support, you can specify both report-uri and report-to: | Keep and update docs | 3.8 |
from django-csp.
The items tagged 3.8, above, have updated documentation now. Keeping this issue open for the one tagged 3.9
from django-csp.
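An added example, not part of the thread and not django-csp code: a small audit of a rendered `Content-Security-Policy` header value for the directives the table above flags, including the `report-uri`/`report-to` pairing. The function names and the sample header are assumptions constructed for illustration; the status wording is taken from the table.

```python
# Added example (not django-csp code). Statuses follow the table in this thread.
FLAGGED = {
    "block-all-mixed-content": "obsolete in the specification",
    "plugin-types": "non-standard, not on a standards track",
    "prefetch-src": "non-standard, not on a standards track",
}


def parse_csp(header):
    """Parse a CSP header value into {directive: [value, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # empty segment, e.g. a trailing ';'
        name = tokens[0].lower()  # directive names are case-insensitive
        # Browsers ignore a repeated directive, so the first occurrence wins.
        policy.setdefault(name, tokens[1:])
    return policy


def audit_csp(header):
    """Return (directive, reason) pairs for directives that need attention."""
    policy = parse_csp(header)
    findings = [(name, why) for name, why in FLAGGED.items() if name in policy]
    has_uri = "report-uri" in policy
    has_to = "report-to" in policy
    if has_uri and not has_to:
        findings.append(
            ("report-uri", "deprecated; send report-to alongside it")
        )
    elif has_to and not has_uri:
        findings.append(
            ("report-to", "not supported in most browsers yet; keep report-uri")
        )
    return findings


# Constructed sample header, as a site using the flagged settings might emit.
SAMPLE = (
    "default-src 'self'; block-all-mixed-content; "
    "plugin-types application/pdf; report-uri /csp-report/"
)

if __name__ == "__main__":
    for directive, reason in audit_csp(SAMPLE):
        print(f"{directive}: {reason}")
```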