Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Branch: master
Commits on May 13, 2014
  1. @jsocol

    Merge pull request #43 from clouserw/doc

    jsocol authored
    add script-src to docs
  2. @clouserw

    add script-src to docs

    clouserw authored
Commits on Mar 13, 2014
  1. @jsocol

    Merge pull request #41 from kezabelle/master

    jsocol authored
    Test & proposed fix for GH #40
Commits on Mar 11, 2014
  1. @kezabelle

    Fixes #40

    kezabelle authored
    project settings in the form of CSP_IMG_SRC = ('x', 'y') (a tuple) won't throw a TypeError when trying to use a decorator to update a specific view.
    Test case added in 89a66c9 passes.
  2. @kezabelle
Commits on Dec 10, 2013
  1. Drop fabfile.

    James Socol authored
Commits on Nov 19, 2013
  1. Version 2.0.3.

    James Socol authored
Commits on Nov 5, 2013
  1. @jsocol

    Merge pull request #34 from graingert/patch-4

    jsocol authored
    disable CSP for django debug view Fixes #27
  2. @graingert

    disable CSP for django debug view Fixes #27

    graingert authored
    add test for django debug view csp exempt
Commits on Jul 1, 2013
  1. @jsocol

    Merge pull request #31 from freddyb/patch-1

    jsocol authored
    add warning for csp exceptions
  2. changed wording of csp exception warning

    Frederik B authored
  3. @jsocol

    Merge pull request #32 from freddyb/patch-2

    jsocol authored
    update link to spec and header name
  4. update link to spec and header name

    Frederik B authored
  5. add warning for csp exceptions

    Frederik B authored
    I found it notable to point out that XSS on one path gives DOM/XMLHttpRequest access to all other paths.
    CSP exceptions sound like a bad idea to me, but might still be justifiable on secure subpages which underwent a higher level of scrutiny.
    I hope this is valid sphinx syntax and shows a warning box. My knowledge in this area is limited.. :)
Commits on Jun 7, 2013
  1. @jsocol


    jsocol authored
  2. @jsocol

    Grr. v2.0.1.

    jsocol authored
    [ci skip]
  3. @jsocol

    Clean up and tag v2.0.1.

    jsocol authored
    * NOT version 200.
    * Drop templates from and package_data.
    * Add long_description.
    * Update copyright.
  4. @jsocol


    jsocol authored
  5. @jsocol

    Include build status in README.

    jsocol authored
    [ci skip]
  6. @jsocol

    Add CHANGES and fix a stray doc.

    jsocol authored
    [ci skip]
  7. @jsocol

    Add contributing doc.

    jsocol authored
  8. @jsocol

    Fix flake8 violations.

    jsocol authored
  9. @jsocol

    Simplify test running and requirements.

    jsocol authored
    Drop the heavy-weight, slow-to-install Fabric.
  10. @jsocol

    Drop unused test urlconf.

    jsocol authored
  11. @jsocol

    Excise report processing features. Fix #30.

    jsocol authored
    * Drop models.
    * Drop migrations.
    * Drop admin.
    * Drop URLconf.
    * Drop views.
    * Drop templates.
    * Drop exceptions.
    * Drop signals.
    * Drop relevant docs.
    * Clean up imports.
    * Clean up test settings.
  12. @jsocol

    Set SECRET_KEY for tests.

    jsocol authored
  13. @jsocol

    Update Django requirement.

    jsocol authored
  14. @jsocol

    Update docs.

    jsocol authored
  15. @jsocol

    Add a couple of missing tests.

    jsocol authored
  16. @jsocol

    Add policy-modifying decorators.

    jsocol authored
    Fix #11 by adding @csp_update. Fix #12 by adding @csp_replace.
  17. @jsocol

    Make middleware use config, update, replace.

    jsocol authored
    Pull optional attributes off the response and pass them to build_policy.
  18. @jsocol
  19. @jsocol

    Enable updating or replacing rules from settings.

    jsocol authored
    Prep work for decorators.
  20. @jsocol

    Refactor and test build_policy.

    jsocol authored
    In prep for overriding decorators, refactor build_policy and add tests
    for each individual settings.
  21. @jsocol
Something went wrong with that request. Please try again.