{
"info": {
"author": "Bennyoak",
"author_email": "benny@twosensedesign.com",
"bugtrack_url": null,
"classifiers": [
"Development Status :: 5 - Production/Stable",
"Environment :: Web Environment",
"Framework :: Django",
"Intended Audience :: Developers",
"License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)",
"Operating System :: OS Independent",
"Programming Language :: Python",
"Programming Language :: Python :: 2",
"Programming Language :: Python :: 2.7",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.4",
"Programming Language :: Python :: 3.5",
"Programming Language :: Python :: Implementation :: CPython",
"Topic :: Software Development :: Libraries :: Python Modules"
],
"description": "Django-CSP-Nonce (beta)\n=======================\n\n|Build Status|\n\nDCN is a Content-Security-Policy nonce injection support system for\nDjango and CSP.\n\n| It provides for on-the-fly nonce creation and deployment. Once\n installed, DCN will generate a unique nonce\n| for each request (one for ``script-src`` and a separate one for\n ``style-src`` directives) append the nonce to the\n| CSP header, then make the nonce(s) accessible to the templates via the\n Django Context Processors.\n\n| DCN stays out of the way of `Django-CSP`_ and can operate\n| independently with any method of CSP insertion that passes through\n Django Middleware.\n\nDisclosure\n----------\n\n- This code has not been through a third party security audit.\n- I\u2019ve successfully tested this locally with ``pypy-5.4.1``. TravisCI\n has confirmed this doesn\u2019t work with their version.\n\nInstallation\n------------\n\n``pip install django-csp-nonce``\n\nAdd DCN to ``MIDDLEWARE_CLASSES``:\n\n.. code:: python\n\n MIDDLEWARE_CLASSES = (\n [ ... ]\n 'csp_nonce.middleware.CSPNonceMiddleware',\n # Make sure you put it *above* django-csp if you're using it\n [ ... ]\n )\n\nAdd DCN to ``context_processors``:\n\n.. code:: python\n\n TEMPLATES = [\n {\n 'BACKEND': 'django.template.backends.django.DjangoTemplates',\n 'DIRS': [...],\n 'APP_DIRS': True,\n 'OPTIONS': {\n 'context_processors': [\n 'csp_nonce.context_processors.nonce',\n [ ... ]\n ],\n },\n },\n ]\n\nFinally, add DCN directives to settings:\n\n.. code:: python\n\n CSP_NONCE_SCRIPT = False # True if you want to use it\n CSP_NONCE_STYLE = False # True if you want to use it\n CSP_FLAG_STRICT = False # True to include strict-dynamic in CSP\n\nUsage\n-----\n\nDCN takes care of nonce generation for you. As you work\non your templates, pull in your specific nonce from the context:\n\n.. code:: django\n\n \n\n \n\nDependencies\n------------\n\n- Django\n\nKnown issues\n------------\n\n- Nonce sync breaks on ``settings.DEBUG=True``\n\n.. _Django-CSP: http://django-csp.readthedocs.io/en/latest/\n\n.. |Build Status| image:: https://travis-ci.org/Bennyoak/django-csp-nonce.svg?branch=master\n :target: https://travis-ci.org/Bennyoak/django-csp-nonce\n\n\nImportant Changes\n-----------------\n\n- 1.0\n\n - Out of beta!\n - PyNacl is no longer a dependency. (Moving forward the aim is to\n stay compatible with environments such as Google App Engine which\n don't support non-python extensions.)\n\n\nRunning Tests\n-------------\n\nUse ``tox`` to run the tests against multiple versions of Python that\nyou have installed and multiple versions of Django. Please make sure\nthat you run your tests against at least Python 2.7 and Python 3.5.\n\n.. code:: bash\n\n virtualenv venv\n . ./venv/bin/activate\n\n pip install tox\n\n tox\n\n\n",
"description_content_type": null,
"docs_url": null,
"download_url": "",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "http://github.com/Bennyoak/django-csp-nonce",
"keywords": "CSP Content Security Policy Nonce Django",
"license": "MPL 2.0",
"maintainer": "",
"maintainer_email": "",
"name": "django-csp-nonce",
"package_url": "https://pypi.org/project/django-csp-nonce/",
"platform": "",
"project_url": "https://pypi.org/project/django-csp-nonce/",
"project_urls": {
"Homepage": "http://github.com/Bennyoak/django-csp-nonce"
},
"release_url": "https://pypi.org/project/django-csp-nonce/1.0.0/",
"requires_dist": [
"Django (>=1.6)",
"django-csp; extra == 'tests'",
"mock (==1.0.1); extra == 'tests'",
"pep8 (==1.4.6); extra == 'tests'",
"pytest (==2.9.1); extra == 'tests'",
"pytest-django (==2.9.1); extra == 'tests'",
"pytest-flakes (==1.0.1); extra == 'tests'",
"pytest-pep8 (==1.0.6); extra == 'tests'"
],
"requires_python": "",
"summary": "Nonce support for Content Security Policy in Django.",
"version": "1.0.0"
},
"last_serial": 3046152,
"releases": {
"1.0.0": [
{
"comment_text": "",
"digests": {
"md5": "c65ae67af4cb736c308385410a2caa90",
"sha256": "dcd5d53f9df86cbd4ef2d8f79effb3eb88ff5293bdb6554a9831a0999fab1d25"
},
"downloads": -1,
"filename": "django_csp_nonce-1.0.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "c65ae67af4cb736c308385410a2caa90",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 11486,
"upload_time": "2017-07-09T19:59:18",
"url": "https://files.pythonhosted.org/packages/98/82/cea6456dfd9b923f48bd493d720521f709a23b482526e1861c24f179c440/django_csp_nonce-1.0.0-py2.py3-none-any.whl"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "c65ae67af4cb736c308385410a2caa90",
"sha256": "dcd5d53f9df86cbd4ef2d8f79effb3eb88ff5293bdb6554a9831a0999fab1d25"
},
"downloads": -1,
"filename": "django_csp_nonce-1.0.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "c65ae67af4cb736c308385410a2caa90",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 11486,
"upload_time": "2017-07-09T19:59:18",
"url": "https://files.pythonhosted.org/packages/98/82/cea6456dfd9b923f48bd493d720521f709a23b482526e1861c24f179c440/django_csp_nonce-1.0.0-py2.py3-none-any.whl"
}
]
}