Add type stubs for built-in CSP support in Django 6.0

Author: federicobond

django-stubs/conf/global_settings.pyi

@@ -541,3 +541,9 @@ SECURE_REDIRECT_EXEMPT: list[str]
 SECURE_REFERRER_POLICY: str
 SECURE_SSL_HOST: str | None
 SECURE_SSL_REDIRECT: bool
+
+##################
+# CSP MIDDLEWARE #
+##################
+SECURE_CSP: dict[str, Any] = {}
+SECURE_CSP_REPORT_ONLY: dict[str, Any] = {}

django-stubs/middleware/csp.pyi

@@ -0,0 +1,11 @@
+from typing import TYPE_CHECKING
+
+from django.utils.csp import CSP as CSP
+
+if TYPE_CHECKING:
+    from django.http import HttpRequest, HttpResponse
+    from django.utils.deprecation import MiddlewareMixin
+
+class CSPMiddleware(MiddlewareMixin):
+    def process_request(self, request: HttpRequest) -> None: ...
+    def process_response(self, request: HttpRequest, response: HttpResponse) -> HttpResponse: ...

django-stubs/utils/csp.pyi

@@ -0,0 +1,24 @@
+import sys
+
+if sys.version_info >= (3, 11):
+    from enum import StrEnum
+else:
+    from enum import Enum
+
+    class ReprEnum(Enum): ...  # type: ignore[misc]
+    class StrEnum(str, ReprEnum): ...  # type: ignore[misc]
+
+class CSP(StrEnum):
+    HEADER_ENFORCE = "Content-Security-Policy"
+    HEADER_REPORT_ONLY = "Content-Security-Policy-Report-Only"
+
+    NONE = "'none'"
+    REPORT_SAMPLE = "'report-sample'"
+    SELF = "'self'"
+    STRICT_DYNAMIC = "'strict-dynamic'"
+    UNSAFE_EVAL = "'unsafe-eval'"
+    UNSAFE_HASHES = "'unsafe-hashes'"
+    UNSAFE_INLINE = "'unsafe-inline'"
+    WASM_UNSAFE_EVAL = "'wasm-unsafe-eval'"
+
+    NONCE = "<CSP_NONCE_SENTINEL>"

django-stubs/views/decorators/csp.pyi

@@ -0,0 +1,7 @@
+from collections.abc import Callable
+from typing import Any, TypeVar
+
+_F = TypeVar("_F", bound=Callable[..., Any])
+
+def csp_override(config: dict[str, Any]) -> Callable[[_F], _F]: ...
+def csp_report_only_override(config: dict[str, Any]) -> Callable[[_F], _F]: ...