Add support for both report-only and content-security CSP headers #50

Merged


@MartinPetkov MartinPetkov commented Jul 4, 2016

Also refactor init to reduce complexity and fix tox.ini and tox test failures

Fixes #44

err_msg = 'Middleware requires either CSP_STRING or CSP_DICT setting'
report_err_msg = 'Middleware requires either CSP_REPORT_STRING, ' \

We prefer to do line continuation using brackets.

report_err_msg = (
    'Middleware requires either CSP_REPORT_STRING, '
    'CSP_REPORT_DICT setting, or neither. If neither, '
    ...    
)

@MartinPetkov MartinPetkov force-pushed the feature/44_support_both_csp_headers branch 2 times, most recently from 4cbcf6d to 8d2989a Compare July 20, 2016 21:55
def __init__(self):
# sanity checks
csp_mode = getattr(django.conf.settings, 'CSP_MODE', None)
self._csp_mode = getattr(django.conf.settings, 'CSP_MODE') or 'enforce'
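
Review bot: On the `self._csp_mode` line, `getattr(django.conf.settings, 'CSP_MODE')` is called without a default, so a project that does not define CSP_MODE gets an AttributeError before the `or 'enforce'` fallback is ever evaluated. Pass `None` as the third argument, as the `csp_mode = getattr(django.conf.settings, 'CSP_MODE', None)` line does, and if both lines stay, reuse that value instead of reading the setting a second time.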

You still need the 'None'. If you don't supply CSP_MODE, getattr will raise an exception.

@MartinPetkov MartinPetkov force-pushed the feature/44_support_both_csp_headers branch 2 times, most recently from 66236ad to c1383cb Compare July 21, 2016 17:05
@funkaoshi
Contributor

Why @MartinPetkov !

@MartinPetkov
Contributor Author

It's just been a while and I thought it was forgotten and no one was watching it. I'm happy to reopen and contribute it.

@MartinPetkov MartinPetkov reopened this Jul 29, 2020
@MartinPetkov MartinPetkov force-pushed the feature/44_support_both_csp_headers branch from c1383cb to 8a4c067 Compare July 29, 2020 17:10
@MartinPetkov
Contributor Author

Rebased and updated. Tried running tox with Python 3.8, seems like only the Pep tests failed. PTAL.

@MartinPetkov MartinPetkov requested a review from Gee19 July 30, 2020 20:26
@Gee19
Member

Gee19 commented Aug 6, 2020

> Rebased and updated. Tried running tox with Python 3.8, seems like only the Pep tests failed. PTAL.

We need to stay pinned to python3.6 for the time being

@MartinPetkov
Contributor Author

> > Rebased and updated. Tried running tox with Python 3.8, seems like only the Pep tests failed. PTAL.
>
> We need to stay pinned to python3.6 for the time being

Done, reverted to Python 3.6. Tested with the python:3.6 docker container.

@MartinPetkov
Contributor Author

Ping?

@sibartlett

Sorry for the slow response, we’ve all been busy doing a two week hackathon. We’ll be starting regular sprint work again soon, so hopefully someone can take a look then 😄

@MartinPetkov
Contributor Author

> Sorry for the slow response, we’ve all been busy doing a two week hackathon. We’ll be starting regular sprint work again soon, so hopefully someone can take a look then 😄

Sounds good, just making sure it didn't get lost forever. Hope the hackathon was fun!

@Gee19
Member

Gee19 commented Aug 19, 2020

Gave this a quick test, thanks for cleaning up all the flake8 warnings as well.

<3 @MartinPetkov

@Gee19 Gee19 merged commit 34efd06 into sdelements:master Aug 19, 2020
Successfully merging this pull request may close these issues.

Support for both enforcement and report-only modes deployed simultaneously