update to django-csp 4.0

07440fbd · Bryan BRANCOTTE · 32b068c4 · 07440fbd · 07440fbd
Commit 07440fbd authored 7 months ago by Bryan BRANCOTTE
--- a/src/strass/requirements.txt
+++ b/src/strass/requirements.txt
@@ -28,5 +28,5 @@ tqdm
 gunicorn
 qrcode[pil]
 python-magic # to check mime type
-django-csp
+django-csp>=4.0
 #END OF FILE
--- a/src/strass/strass/settings.py
+++ b/src/strass/strass/settings.py
@@ -251,34 +251,37 @@ FILE_UPLOAD_MAX_MEMORY_SIZE = 10485760  # 10Mo
 ################################################################################
 # DJANGO CSP, and DJANGO CSP REPORTS
 ################################################################################
-CSP_DEFAULT_SRC = [
+CONTENT_SECURITY_POLICY = {
+    'DIRECTIVES': {
+        'default-src': [
            "'self'",
-    "*",
+            '*',
-]
+        ],
-CSP_SCRIPT_SRC = [
+        'script-src': [
            "'self'",
-    "cdn.datatables.net",
+            'cdn.datatables.net',
-    "cdnjs.cloudflare.com",
+            'cdnjs.cloudflare.com',
-    "code.jquery.com",
+            'code.jquery.com',
-    "plausible.pasteur.cloud",
+            'plausible.pasteur.cloud',
-    "stackpath.bootstrapcdn.com",
+            'stackpath.bootstrapcdn.com',
-    "cdn.jsdelivr.net",
+            'cdn.jsdelivr.net',
-    "www.googletagmanager.com",
+            'www.googletagmanager.com',
-    "www.google-analytics.com",
+            'www.google-analytics.com',
-]
+        ],
-CSP_STYLE_SRC = [
+        'style-src': [
            "'self'",
            "'unsafe-inline'",
            '*',
-]
+        ],
-CSP_IMG_SRC = [
+        'img-src': [
            "'self'",
            "*",
            "data:",
-]
+        ],
-CSP_EXCLUDE_URL_PREFIXES = (
+        'report-uri': reverse_lazy('cspmailreports:csp-report'),
-    # "/candidate/",
+    },
-)
+    'EXCLUDE_URL_PREFIXES': (),
-CSP_REPORT_URI = reverse_lazy('cspmailreports:csp-report')
+}
 ################################################################################