Add support for new Content-Type (#91)

* Add support for new Content-Type - Add acceptable content types - New Content-Type should be "application/csp-report" - https://w3c.github.io/webappsec-csp/
sdelements · Mar 17, 2021 · 69a12d8 · 69a12d8
1 parent 26b69fe
commit 69a12d8
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/security/views.py b/security/views.py
@@ -8,6 +8,8 @@
 import logging
 log = logging.getLogger(__name__)
 
+ACCEPTABLE_CONTENT_TYPES = ['application/json', 'application/csp-report']
+
 
 def require_ajax(view):
     """
@@ -58,7 +60,7 @@ def csp_report(request, csp_save=False, csp_log=True):
         return HttpResponseForbidden()
 
     content_type = request.META.get('CONTENT_TYPE', None)
-    if content_type != 'application/json':
+    if content_type not in ACCEPTABLE_CONTENT_TYPES:
         log.debug('Missing CSP report Content-Type %s', request.META)
         return HttpResponseForbidden()