diff --git a/src/strass/requirements.txt b/src/strass/requirements.txt
index 5f03632fb5785e3d4d889b634464e361d48a95c9..3df95637824e706c42e358569ced70503c4fdc9c 100644
--- a/src/strass/requirements.txt
+++ b/src/strass/requirements.txt
@@ -28,5 +28,5 @@ tqdm
 gunicorn
 qrcode[pil]
 python-magic # to check mime type
-django-csp
+django-csp>=4.0
 #END OF FILE
diff --git a/src/strass/strass/settings.py b/src/strass/strass/settings.py
index d6f93636d3cd2148c334d2358f19b862627c5fbb..902608858f874ea6b6fa7bd67960cda6fc6ad9f0 100644
--- a/src/strass/strass/settings.py
+++ b/src/strass/strass/settings.py
@@ -251,34 +251,37 @@ FILE_UPLOAD_MAX_MEMORY_SIZE = 10485760 # 10Mo
 ################################################################################
 # DJANGO CSP, and DJANGO CSP REPORTS
 ################################################################################
-CSP_DEFAULT_SRC = [
- "'self'",
- "*",
-]
-CSP_SCRIPT_SRC = [
- "'self'",
- "cdn.datatables.net",
- "cdnjs.cloudflare.com",
- "code.jquery.com",
- "plausible.pasteur.cloud",
- "stackpath.bootstrapcdn.com",
- "cdn.jsdelivr.net",
- "www.googletagmanager.com",
- "www.google-analytics.com",
-]
-CSP_STYLE_SRC = [
- "'self'",
- "'unsafe-inline'",
- '*',
-]
-CSP_IMG_SRC = [
- "'self'",
- "*",
- "data:",
-]
-CSP_EXCLUDE_URL_PREFIXES = (
- # "/candidate/",
-)
-CSP_REPORT_URI = reverse_lazy('cspmailreports:csp-report')
+
+CONTENT_SECURITY_POLICY = {
+ 'DIRECTIVES': {
+ 'default-src': [
+ "'self'",
+ '*',
+ ],
+ 'script-src': [
+ "'self'",
+ 'cdn.datatables.net',
+ 'cdnjs.cloudflare.com',
+ 'code.jquery.com',
+ 'plausible.pasteur.cloud',
+ 'stackpath.bootstrapcdn.com',
+ 'cdn.jsdelivr.net',
+ 'www.googletagmanager.com',
+ 'www.google-analytics.com',
+ ],
+ 'style-src': [
+ "'self'",
+ "'unsafe-inline'",
+ '*',
+ ],
+ 'img-src': [
+ "'self'",
+ "*",
+ "data:",
+ ],
+ 'report-uri': reverse_lazy('cspmailreports:csp-report'),
+ },
+ 'EXCLUDE_URL_PREFIXES': (),
+}
 
 ################################################################################
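Review bot: The new `default-src` list still pairs `'self'` with `'*'` (and `style-src` / `img-src` do the same), so every directive not spelled out here — `connect-src`, `frame-src`, `object-src`, `media-src`, `font-src` — falls back to "any origin", while `base-uri`, `form-action` and `frame-ancestors`, which never fall back to `default-src`, are left unrestricted; the migration to the `CONTENT_SECURITY_POLICY` dict reproduces the old permissive policy instead of tightening it, so only `script-src` actually constrains anything. If the wildcards are deliberate for a first rollout, the safer path is a report-only policy (django-csp 4 reads one from a separate `CONTENT_SECURITY_POLICY_REPORT_ONLY` setting of the same shape, as far as I recall — verify against the 4.0 docs) so the existing `report-uri` collects violations without the enforced policy being this loose. Otherwise I would drop the `'*'` entries and add `'object-src': ["'none'"], 'base-uri': ["'self'"], 'frame-ancestors': ["'self'"],` next to `'report-uri'`. `'unsafe-inline'` on `style-src` also deserves a line saying what needs it, e.g. `# 'unsafe-inline': needed for inline style= attributes in <templates/libs> — TODO narrow or move to nonces`, so the next reader knows whether it can be removed.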