On Fri, Nov 25, 2022 at 2:32 PM 'Adam Johnson' via Django developers wrote:

> 1. CORS in core
>
> django-cors-headers’ implementation is a bit janky, for example it uses a
> regex to filter paths. It also lacks the key ability to set up different
> CORS policies per path. Both of these could be done with a decorator.
>
> I’d like to see a form of CORS support in Django that more closely follows
> the design of the CSRF/clickjacking protection.

Another option: Content Security Policy support in core. The current django-csp third-party app isn't necessarily bad, but I'd love to see more good security tools in Django by default.

(Some of this gets back to an old proposal for a consolidated top-level SECURITY setting that could expand to cover all the tools, but that's likely out of scope for a GSoC project.)
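The per-view design described in the quoted message, sketched as an added example (not code from Django, django-cors-headers, or this thread). `cors_policy`, `apply_cors`, the dict-shaped request and the tuple-returning views are hypothetical stand-ins so the block runs without Django; only the idea of storing the policy as an attribute on the view mirrors how `csrf_exempt` marks a view.

```python
import functools

def cors_policy(origins, allow_credentials=False, methods=("GET",), max_age=600):
    """Hypothetical per-view decorator: the policy lives on the view itself."""
    origins = frozenset(origins)
    if "*" in origins and allow_credentials:
        raise ValueError("wildcard origin cannot be combined with credentials")
    def decorator(view):
        @functools.wraps(view)
        def wrapper(request, *args, **kwargs):
            return view(request, *args, **kwargs)
        wrapper.cors_policy = dict(origins=origins, credentials=allow_credentials,
                                   methods=methods, max_age=max_age)
        return wrapper
    return decorator

def apply_cors(view, request):
    """Stand-in for the middleware step: look up the view's policy, no path regex."""
    policy = getattr(view, "cors_policy", None)
    if policy is None:                       # undecorated view: no CORS headers at all
        return view(request)
    req = request["headers"]
    origin = req.get("Origin")
    preflight = request["method"] == "OPTIONS" and "Access-Control-Request-Method" in req
    status, headers, body = (204, {}, "") if preflight else view(request)
    headers = dict(headers)
    vary = headers.get("Vary")               # response varies by Origin; keep caches honest
    headers["Vary"] = f"{vary}, Origin" if vary else "Origin"
    wildcard = "*" in policy["origins"]
    if origin is None or not (wildcard or origin in policy["origins"]):
        return status, headers, body         # origin not allowed: no Allow-Origin header
    headers["Access-Control-Allow-Origin"] = "*" if wildcard else origin
    if policy["credentials"]:
        headers["Access-Control-Allow-Credentials"] = "true"
    if preflight:
        headers["Access-Control-Allow-Methods"] = ", ".join(policy["methods"])
        headers["Access-Control-Max-Age"] = str(policy["max_age"])
    return status, headers, body

# Constructed sample views: three different policies with no shared path pattern.
@cors_policy(["https://app.example"], allow_credentials=True, methods=("GET", "POST"))
def api_profile(request):
    return 200, {"Content-Type": "application/json"}, '{"user": "demo"}'

@cors_policy(["*"])
def public_status(request):
    return 200, {}, "ok"

def admin_panel(request):                    # never decorated, so never cross-origin readable
    return 200, {}, "admin"
```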