Fixed #36532 -- Added Content Security Policy view decorators to override or disable policies.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
2025-10-24 06:06:09 +00:00 · 2025-08-23 12:23:53 -07:00
parent 292b9e6fe8
commit 550822bcee
10 changed files with 354 additions and 14 deletions
--- a/tests/middleware/views.py
+++ b/tests/middleware/views.py
@@ -3,9 +3,11 @@ import sys

 from django.http import HttpResponse
 from django.middleware.csp import get_nonce
+from django.utils.csp import CSP
 from django.utils.decorators import method_decorator
 from django.views.debug import technical_500_response
 from django.views.decorators.common import no_append_slash
+from django.views.decorators.csp import csp_override, csp_report_only_override
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import View

@@ -29,6 +31,44 @@ def csp_nonce(request):
    return HttpResponse(get_nonce(request))


+@csp_override({})
+def csp_disabled_enforced(request):
+    return HttpResponse()
+
+
+@csp_report_only_override({})
+def csp_disabled_ro(request):
+    return HttpResponse()
+
+
+@csp_override({})
+@csp_report_only_override({})
+def csp_disabled_both(request):
+    return HttpResponse()
+
+
+csp_policy_override = {
+    "default-src": [CSP.SELF],
+    "img-src": [CSP.SELF, "data:"],
+}
+
+
+@csp_override(csp_policy_override)
+def csp_override_enforced(request):
+    return HttpResponse()
+
+
+@csp_report_only_override(csp_policy_override)
+def csp_override_report_only(request):
+    return HttpResponse()
+
+
+@csp_override(csp_policy_override)
+@csp_report_only_override(csp_policy_override)
+def csp_override_both(request):
+    return HttpResponse()
+
+
 def csp_500(request):
    try:
        raise Exception