Note: this is the same task as for job-server.
Why are we doing this?
- Django has recently added its own support for Content Security Policy on 2025-06-27; it's been co-authored by a django-csp maintainer.
- django-csp is an extra dependency. We typically have a policy of removing third-party dependencies where it's possible to easily replicate the functionality we're using.
How will we know when it's done?
When we're using Django's own CSP support, and have removed django-csp as a dependency.
What are we doing?
- Awaiting a version of Django with the CSP feature included.
- Validating that we can have a suitable configuration with Django's own support.
- If so:
  - replace the django-csp configuration with a configuration for Django;
  - and then remove django-csp.
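
An added example, not code from this issue or from either project: one way to carry out the validation step is to capture the Content-Security-Policy header a view returns under django-csp and again under Django's own support, then diff the two. The header strings are constructed samples, and `parse_csp` and `diff_csp` are hypothetical helper names.

```python
import re

# Nonces change on every response, so they are normalised before comparing.
NONCE_RE = re.compile(r"^'nonce-[A-Za-z0-9+/_-]+={0,2}'$")


def parse_csp(header):
    """Parse a Content-Security-Policy header value into {directive: sources}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()  # directive names are case-insensitive
        if name in policy:
            continue  # a repeated directive is ignored; the first one wins
        sources = {"'nonce-*'" if NONCE_RE.match(t) else t for t in tokens[1:]}
        policy[name] = frozenset(sources)
    return policy


def diff_csp(before, after):
    """Return the directives whose source sets differ between two headers."""
    old, new = parse_csp(before), parse_csp(after)
    report = {}
    for name in sorted(old.keys() | new.keys()):
        if old.get(name) == new.get(name):
            continue  # identical, regardless of source order
        status = "dropped" if name not in new else "new" if name not in old else "changed"
        removed = sorted(old.get(name, frozenset()) - new.get(name, frozenset()))
        added = sorted(new.get(name, frozenset()) - old.get(name, frozenset()))
        report[name] = {"status": status, "removed": removed, "added": added}
    return report


# Constructed sample headers: BEFORE as captured with django-csp enabled,
# AFTER as captured with Django's own CSP support enabled.
BEFORE = ("default-src 'self'; script-src 'self' 'nonce-abc123'; "
          "img-src 'self' data:; frame-ancestors 'none'")
AFTER = ("default-src 'self'; script-src 'nonce-Zx9Q' 'self'; "
         "img-src 'self'; object-src 'none'")

if __name__ == "__main__":
    for directive, change in diff_csp(BEFORE, AFTER).items():
        print(directive, change)
```

An empty result means the two policies are equivalent; a "dropped" directive or a removed source is the case to investigate before removing django-csp.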