Make an exception for Django debug view #27

Closed
mitar opened this Issue Nov 11, 2012 · 2 comments

3 participants

@mitar

Django page debug view uses inline JavaScript which does not work if CSP is enabled that page. When Django debug view is displayed instead of original page, CSP should be disabled (or at least allow inline script and other things necessary for Django debug view).

(By Django debug view I have in mind the error page which is displayed on exception or similar.)

@jsocol
Mozilla member

I'm not 100% sure the best way to do this but I'm absolutely open to patches fixing it.

@graingert

probably monkey patch the csp_exempt decorator on top of them

@graingert graingert added a commit to graingert/django-csp that referenced this issue Nov 4, 2013
@graingert graingert disable CSP for django debug view Fixes #27 eb8f427
@graingert graingert added a commit to graingert/django-csp that referenced this issue Nov 4, 2013
@graingert graingert disable CSP for django debug view Fixes #27 982cd41
@graingert graingert added a commit to graingert/django-csp that referenced this issue Nov 5, 2013
@graingert graingert disable CSP for django debug view Fixes #27 0aff524
@jsocol jsocol pushed a commit that closed this issue Nov 5, 2013
@graingert graingert disable CSP for django debug view Fixes #27
add test for django debug view csp exempt
97622fa
@jsocol jsocol closed this in 97622fa Nov 5, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment