Add support for csp_clear decorator. #202
Conversation
This allows a directive to be cleared / unset entirely for a particular view. Closes mozilla#201
There was a problem hiding this comment.
Thanks for this @tim-schilling -- in my capacity as not-the-official-maintainer-but-keen-to-help, I can see how this could be useful to others -- and certainly makes it easier to get out of a hole if, say, auth has to happen on a different domain compared to the iframed content.
I've suggested some minor docs tweaks, and then it'll need rebasing and conflicts fixing, I'm afraid.
I'm thinking that if a 3.8 release remains focused on Django+Python updates and generally bringing the project up to date, this changeset could be a good one for 3.9
| ================ | ||
|
|
||
| The ``@csp_clear`` decorator allows you to **clear** a CSP directive. Clearing | ||
| a directive will take priority over any of the other options. |
There was a problem hiding this comment.
I wonder if an admonition directive here like warning or even danger might be worthwhile.
Co-authored-by: Steve Jalim <[email protected]>
|
Since the underlying code changed drastically I'm going to close this. We're discussing the need for this in #201. |
This allows a directive to be cleared / unset entirely for a particular view.
Closes #201