Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Make an exception for Django debug view #27

Closed
mitar opened this Issue · 2 comments

3 participants

Mitar James Socol Thomas Grainger
Mitar

Django page debug view uses inline JavaScript which does not work if CSP is enabled that page. When Django debug view is displayed instead of original page, CSP should be disabled (or at least allow inline script and other things necessary for Django debug view).

(By Django debug view I have in mind the error page which is displayed on exception or similar.)

James Socol
Collaborator
jsocol commented

I'm not 100% sure the best way to do this but I'm absolutely open to patches fixing it.

Thomas Grainger

probably monkey patch the csp_exempt decorator on top of them

Thomas Grainger graingert referenced this issue from a commit in graingert/django-csp
Thomas Grainger graingert disable CSP for django debug view Fixes #27 eb8f427
Thomas Grainger graingert referenced this issue from a commit in graingert/django-csp
Thomas Grainger graingert disable CSP for django debug view Fixes #27 982cd41
Thomas Grainger graingert referenced this issue from a commit in graingert/django-csp
Thomas Grainger graingert disable CSP for django debug view Fixes #27 0aff524
James Socol jsocol closed this issue from a commit
Thomas Grainger graingert disable CSP for django debug view Fixes #27
add test for django debug view csp exempt
97622fa
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.