update to django-csp 4.0

src/strass/requirements.txt

@@ -28,5 +28,5 @@ tqdm
 gunicorn
 qrcode[pil]
 python-magic # to check mime type
-django-csp
+django-csp>=4.0
 #END OF FILE

src/strass/strass/settings.py

@@ -251,34 +251,37 @@ FILE_UPLOAD_MAX_MEMORY_SIZE = 10485760  # 10Mo
 ################################################################################
 # DJANGO CSP, and DJANGO CSP REPORTS
 ################################################################################
-CSP_DEFAULT_SRC = [
-    "'self'",
-    "*",
-]
-CSP_SCRIPT_SRC = [
-    "'self'",
-    "cdn.datatables.net",
-    "cdnjs.cloudflare.com",
-    "code.jquery.com",
-    "plausible.pasteur.cloud",
-    "stackpath.bootstrapcdn.com",
-    "cdn.jsdelivr.net",
-    "www.googletagmanager.com",
-    "www.google-analytics.com",
-]
-CSP_STYLE_SRC = [
-    "'self'",
-    "'unsafe-inline'",
-    '*',
-]
-CSP_IMG_SRC = [
-    "'self'",
-    "*",
-    "data:",
-]
-CSP_EXCLUDE_URL_PREFIXES = (
-    # "/candidate/",
-)
-CSP_REPORT_URI = reverse_lazy('cspmailreports:csp-report')
+
+CONTENT_SECURITY_POLICY = {
+    'DIRECTIVES': {
+        'default-src': [
+            "'self'",
+            '*',
+        ],
+        'script-src': [
+            "'self'",
+            'cdn.datatables.net',
+            'cdnjs.cloudflare.com',
+            'code.jquery.com',
+            'plausible.pasteur.cloud',
+            'stackpath.bootstrapcdn.com',
+            'cdn.jsdelivr.net',
+            'www.googletagmanager.com',
+            'www.google-analytics.com',
+        ],
+        'style-src': [
+            "'self'",
+            "'unsafe-inline'",
+            '*',
+        ],
+        'img-src': [
+            "'self'",
+            "*",
+            "data:",
+        ],
+        'report-uri': reverse_lazy('cspmailreports:csp-report'),
+    },
+    'EXCLUDE_URL_PREFIXES': (),
+}
 
 ################################################################################