A Django app for handling reports from web browsers of violations of your website's HTTP Content Security Policy.
This app does not handle the setting of the Content-Security-Policy HTTP headers, but deals with handling the reports that web browsers may submit to your site (via the report-uri directive) when the stated content security policy is violated.

It is recommended that you use an app such as django-csp (Github) to set the Content-Security-Policy headers.

It receives the reports from the browser and does any/all of the following with them:

- logs them using the Python logging module
- emails them to the site admins
- saves them to the database via a Django model
- runs any custom handler functions you configure

Supported versions

Supports Python 3.5 to 3.10 and Django 2.2 to 4.x (latest).

Python 2.7 support is available in version 1.4 and/or the python2.7-support branch.
Installation

1. pip install django-csp-reports
2. Add 'cspreports' to your INSTALLED_APPS.
3. Include cspreports.urls in your URL config somewhere, e.g. urlpatterns = [path('csp/', include('cspreports.urls'))].
4. Run python manage.py migrate so the table that stores reports exists (needed whenever CSP_REPORTS_SAVE is on).
5. In your Content-Security-Policy HTTP headers, set reverse('report_csp') as the report-uri. (Note, with django-csp, you will want to set CSP_REPORT_URI = reverse_lazy('report_csp') in settings.py.)

Settings

- CSP_REPORTS_EMAIL_ADMINS (bool, defaults to True). Whether each report is emailed to the addresses in ADMINS. This is one email per violation, so on a busy site or with a noisy policy consider switching it off and relying on the log and the database instead.
- CSP_REPORTS_LOG (bool, whether or not to log the reports using the Python logging module, defaults to True).
- CSP_REPORTS_LOG_LEVEL (str, one of the Python logging module's available log functions, defaults to 'warning').
- CSP_REPORTS_SAVE (bool, defaults to True). Determines whether the reports are saved to the database. The report endpoint accepts unauthenticated POSTs from any client, so the table can grow without bound; use CSP_REPORTS_FILTER_FUNCTION to drop noise and schedule clean_cspreports to prune old rows.
- CSP_REPORTS_ADDITIONAL_HANDLERS (iterable, defaults to []). Each entry is a dotted path to a callable that will be called with the HttpRequest of the CSP report.
- CSP_REPORTS_FILTER_FUNCTION (str of dotted path to a callable, defaults to None). If set, the function is passed the HttpRequest object of the CSP report before it's processed. Only requests for which the function returns True are processed. See "cspreports.filters.filter_browser_extensions" as a starting point.
- CSP_REPORTS_LOGGER_NAME (str, defaults to CSP Reports). Specifies the logger name that will be used for logging CSP reports, if enabled.
- CSP_REPORTS_MODEL (<app_label>.<model_name>, defaults to "cspreports.CSPReport"). Specifies the model to be used for storing the CSP reports. You can easily extend the model by implementing the abstract base class cspreports.models.CSPReportBase and adding your additional fields to it:
```python
# your_app/models.py
from cspreports.models import CSPReportBase


class CustomCSPReport(CSPReportBase):
    # Add your fields here
    pass


# settings.py
CSP_REPORTS_MODEL = "your_app.CustomCSPReport"
# Then run makemigrations and migrate so the new table is created.
```
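The two settings that take your own callables, CSP_REPORTS_FILTER_FUNCTION and CSP_REPORTS_ADDITIONAL_HANDLERS, are where most of the practical value sits: the filter keeps extension noise and forged submissions out of the database, and a handler can single out the reports worth paging on. The following is an added example written for this page, not code from django-csp-reports. It assumes hypothetical OWN_HOSTS values and a module path "yourapp.csp" for the settings lines; FakeRequest stands in for django.http.HttpRequest so it runs without Django (the app passes the real request, of which only .body is used here), and the sample reports are constructed in the JSON shape browsers POST to a report-uri.

```python
"""Filter and handler callables for django-csp-reports.

Added example, not the project's own code. Assumptions: the OWN_HOSTS values and the
module path "yourapp.csp" used in the settings lines are hypothetical, and FakeRequest
stands in for django.http.HttpRequest so the demo runs without Django. django-csp-reports
passes the real HttpRequest; only its .body is used here.
"""
import json
import logging
from urllib.parse import urlsplit

log = logging.getLogger("CSP Reports")  # matches the CSP_REPORTS_LOGGER_NAME default

# Hypothetical: hosts this site is served from. A report whose document-uri is elsewhere
# is not about our pages (forged submission, proxy, or a cached copy of the policy).
OWN_HOSTS = {"example.com", "www.example.com"}

# Resources injected by browser extensions; these violations are noise, not attacks.
# Chrome sometimes reports just the scheme ("chrome-extension"), so match on it alone.
EXTENSION_SCHEMES = {"chrome-extension", "moz-extension", "safari-extension",
                     "safari-web-extension", "ms-browser-extension"}


def parse_csp_report(request):
    """Return the inner "csp-report" dict from a browser report, or None if malformed."""
    try:
        payload = json.loads(request.body)
    except (TypeError, ValueError, UnicodeDecodeError):
        return None
    report = payload.get("csp-report") if isinstance(payload, dict) else None
    return report if isinstance(report, dict) else None


def filter_report(request):
    """CSP_REPORTS_FILTER_FUNCTION: return True to process the report, False to drop it."""
    report = parse_csp_report(request)
    if report is None:
        return True  # let the app record it as an invalid report rather than hide it
    blocked = report.get("blocked-uri", "")
    if blocked.split(":", 1)[0] in EXTENSION_SCHEMES:
        return False
    return urlsplit(report.get("document-uri", "")).hostname in OWN_HOSTS


def script_violation_handler(request):
    """CSP_REPORTS_ADDITIONAL_HANDLERS entry: flag script-src violations separately.

    Blocked scripts on our own pages are the reports most likely to be an XSS attempt
    or an unauthorised third-party include. Returns the extracted record (None when the
    report is not a script-src violation) so the decision can be tested.
    """
    report = parse_csp_report(request)
    if report is None:
        return None
    directive = report.get("effective-directive") or report.get("violated-directive", "")
    if not directive.startswith("script-src"):
        return None
    record = {
        "page": report.get("document-uri"),
        "blocked": report.get("blocked-uri"),
        "directive": directive,
        # script-sample is browser-supplied, attacker-influenced text: truncate before logging
        "sample": (report.get("script-sample") or "")[:40],
    }
    log.warning("script-src violation on %(page)s blocked %(blocked)s", record)
    return record


# settings.py, assuming this module lives at yourapp/csp.py:
# CSP_REPORTS_FILTER_FUNCTION = "yourapp.csp.filter_report"
# CSP_REPORTS_ADDITIONAL_HANDLERS = ["yourapp.csp.script_violation_handler"]


class FakeRequest:
    """Constructed stand-in for HttpRequest: only the raw POST body is needed here."""
    def __init__(self, body):
        self.body = body


def make_report(**fields):
    """Build a request carrying a constructed report in the shape browsers POST."""
    return FakeRequest(json.dumps({"csp-report": fields}).encode())


EXTENSION_NOISE = make_report(**{"document-uri": "https://www.example.com/account",
                                 "blocked-uri": "chrome-extension://abcdefghijkl/inject.js",
                                 "effective-directive": "script-src"})
INJECTED_SCRIPT = make_report(**{"document-uri": "https://www.example.com/search?q=x",
                                 "blocked-uri": "inline",
                                 "violated-directive": "script-src 'self'",
                                 "effective-directive": "script-src",
                                 "script-sample": "alert(document.cookie)"})
FOREIGN_PAGE = make_report(**{"document-uri": "https://mirror.invalid/",
                              "blocked-uri": "https://cdn.example.com/app.js",
                              "effective-directive": "img-src"})
NOT_JSON = FakeRequest(b"<html>oops</html>")
```

Two design points: the filter lets malformed bodies through on purpose, because a burst of invalid submissions is itself worth seeing in make_csp_summary, and the handler truncates script-sample before logging since that field is attacker-controlled and log lines end up in other systems.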
Management commands

clean_cspreports

Deletes old reports from the database.

Options:

- --limit - reports created at or after this timestamp are kept; everything older is deleted. Defaults to one week before now. Accepts any string that can be parsed as a datetime.

make_csp_summary

Generates a summary of CSP reports.

By default includes reports from yesterday (from 00:00:00 to midnight, i.e. the whole of yesterday). The summary shows the top 10 violation sources (i.e. pages from which violations were reported), the top 10 blocked URIs (resources the policy stopped those pages from loading), and the top 10 invalid reports (submissions whose body was not a valid CSP report).

Options:

- --since - timestamp of the oldest reports to include. Accepts any string that can be parsed as a datetime.
- --to - timestamp of the newest reports to include. Accepts any string that can be parsed as a datetime.
- --top - limit of how many examples to show. Default is 10.
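To make the window and ranking rules of the two commands concrete, here is an added example written for this page; it is not the project's make_csp_summary or clean_cspreports implementation. It works on constructed (created_at, body) tuples instead of CSPReport rows so it runs without Django, and it applies the behaviour described above: a default window of yesterday, the top N violation sources and blocked URIs, invalid bodies counted separately, and a retention cutoff that defaults to one week. The fixed NOW and the sample reports are constructed data.

```python
"""Top-N summary and age-based pruning over CSP reports.

Added example, not the project's make_csp_summary or clean_cspreports commands: it works
on plain (created_at, body) tuples instead of CSPReport rows so it runs without Django,
but applies the rules those commands describe: a time window, the top N violation
sources and blocked URIs, a separate count of invalid reports, and a default retention
cutoff of one week.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone


def yesterday_window(now):
    """Default window: yesterday 00:00:00 up to, but not including, today's 00:00:00."""
    today = now.replace(hour=0, minute=0, second=0, microsecond=0)
    return today - timedelta(days=1), today


def summarize(reports, since, to, top=10):
    """Rank sources (document-uri), blocked URIs and invalid bodies within [since, to)."""
    sources, blocked, invalid = Counter(), Counter(), Counter()
    for created_at, body in reports:
        if not since <= created_at < to:
            continue
        inner = body.get("csp-report") if isinstance(body, dict) else None
        if not isinstance(inner, dict) or "document-uri" not in inner:
            invalid[repr(body)[:80]] += 1  # key on a truncated rendering of the bad body
            continue
        sources[inner["document-uri"]] += 1
        blocked[inner.get("blocked-uri", "")] += 1
    return {
        "sources": sources.most_common(top),
        "blocked_uris": blocked.most_common(top),
        "invalid": invalid.most_common(top),
    }


def prune(reports, now, limit=None):
    """Keep reports created at or after `limit` (default: one week before `now`)."""
    cutoff = limit if limit is not None else now - timedelta(weeks=1)
    return [r for r in reports if r[0] >= cutoff]


# Constructed sample data: a fixed "now" and a handful of reports around the window edges.
NOW = datetime(2024, 6, 10, 9, 30, tzinfo=timezone.utc)
DAY = datetime(2024, 6, 9, tzinfo=timezone.utc)  # "yesterday" relative to NOW


def violation(page, blocked_uri, directive="script-src"):
    return {"csp-report": {"document-uri": page, "blocked-uri": blocked_uri,
                           "effective-directive": directive}}


SAMPLE_REPORTS = [
    (DAY + timedelta(hours=1), violation("https://www.example.com/login", "inline")),
    (DAY + timedelta(hours=2), violation("https://www.example.com/login", "inline")),
    (DAY + timedelta(hours=3), violation("https://www.example.com/login", "https://evil.invalid/x.js")),
    (DAY + timedelta(hours=4), violation("https://www.example.com/", "inline")),
    (DAY + timedelta(hours=5), {"unexpected": "shape"}),                      # invalid: no csp-report key
    (DAY + timedelta(hours=6), {"csp-report": {"blocked-uri": "inline"}}),    # invalid: no document-uri
    (DAY - timedelta(seconds=1), violation("https://www.example.com/old", "inline")),   # just before window
    (DAY + timedelta(days=1), violation("https://www.example.com/today", "inline")),    # today: excluded
    (NOW - timedelta(days=8), violation("https://www.example.com/stale", "inline")),    # older than a week
]
```

The half-open window matters for the "to" edge: a report timestamped exactly at today's midnight belongs to today's summary, not yesterday's, so it is excluded. The same page appearing in both the sources and blocked-URI rankings is normal; a single injected inline script on a popular page produces one report per visitor.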