From 295a04f6b8a9060c90d453347511bcdabe512dfc Mon Sep 17 00:00:00 2001
From: Federico Bond
Date: Thu, 4 Dec 2025 18:37:07 +1100
Subject: [PATCH] Add type stubs for built-in CSP support in Django 6.0
---
 django-stubs/conf/global_settings.pyi | 6 ++++++
 django-stubs/middleware/csp.pyi | 11 +++++++++++
 django-stubs/utils/csp.pyi | 24 ++++++++++++++++++++++++
 django-stubs/views/decorators/csp.pyi | 7 +++++++
 4 files changed, 48 insertions(+)
 create mode 100644 django-stubs/middleware/csp.pyi
 create mode 100644 django-stubs/utils/csp.pyi
 create mode 100644 django-stubs/views/decorators/csp.pyi
diff --git a/django-stubs/conf/global_settings.pyi b/django-stubs/conf/global_settings.pyi
index 40367682c..b2d9d788b 100644
--- a/django-stubs/conf/global_settings.pyi
+++ b/django-stubs/conf/global_settings.pyi
@@ -541,3 +541,9 @@ SECURE_REDIRECT_EXEMPT: list[str]
 SECURE_REFERRER_POLICY: str
 SECURE_SSL_HOST: str | None
 SECURE_SSL_REDIRECT: bool
+
+##################
+# CSP MIDDLEWARE #
+##################
+SECURE_CSP: dict[str, Any] = {}
+SECURE_CSP_REPORT_ONLY: dict[str, Any] = {}
diff --git a/django-stubs/middleware/csp.pyi b/django-stubs/middleware/csp.pyi
new file mode 100644
index 000000000..a913d18d0
--- /dev/null
+++ b/django-stubs/middleware/csp.pyi
@@ -0,0 +1,11 @@
+from typing import TYPE_CHECKING
+
+from django.utils.csp import CSP as CSP
+
+if TYPE_CHECKING:
+ from django.http import HttpRequest, HttpResponse
+ from django.utils.deprecation import MiddlewareMixin
+
+class CSPMiddleware(MiddlewareMixin):
+ def process_request(self, request: HttpRequest) -> None: ...
+ def process_response(self, request: HttpRequest, response: HttpResponse) -> HttpResponse: ...
diff --git a/django-stubs/utils/csp.pyi b/django-stubs/utils/csp.pyi
new file mode 100644
index 000000000..c23480753
--- /dev/null
+++ b/django-stubs/utils/csp.pyi
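Review bot: `SECURE_CSP` and `SECURE_CSP_REPORT_ONLY` are declared with a `= {}` value, while the neighbouring settings visible in this hunk (`SECURE_SSL_REDIRECT: bool`, `SECURE_SSL_HOST: str | None`) are bare annotations. For consistency with the rest of the stub I would write `SECURE_CSP: dict[str, Any]` and `SECURE_CSP_REPORT_ONLY: dict[str, Any]`. The hunk does not show the file's imports, so it is worth confirming that `Any` is already imported in `global_settings.pyi`. The same loose `dict[str, Any]` is used for the `config` parameter of both decorators in `views/decorators/csp.pyi`; a shared alias would keep the four declarations in step if the type is tightened later.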
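Review bot: The class in `middleware/csp.pyi` is stubbed as `CSPMiddleware`, but as far as I know Django 6.0 ships it as `django.middleware.csp.ContentSecurityPolicyMiddleware`. If that is right, the line should read `class ContentSecurityPolicyMiddleware(MiddlewareMixin):`; otherwise a type checker rejects the real import and accepts a name that does not exist at runtime. Upstream's module also appears to define a module-level `get_nonce(request)` helper that has no stub here, so please check against the Django source. Separately, the `if TYPE_CHECKING:` guard is unnecessary in a `.pyi` file, which is never executed, and it tucks the import of the base class `MiddlewareMixin` inside a conditional; plain top-level imports would be clearer.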
@@ -0,0 +1,24 @@
+import sys
+
+if sys.version_info >= (3, 11):
+ from enum import StrEnum
+else:
+ from enum import Enum
+
+ class ReprEnum(Enum): ... # type: ignore[misc]
+ class StrEnum(str, ReprEnum): ... # type: ignore[misc]
+
+class CSP(StrEnum):
+ HEADER_ENFORCE = "Content-Security-Policy"
+ HEADER_REPORT_ONLY = "Content-Security-Policy-Report-Only"
+
+ NONE = "'none'"
+ REPORT_SAMPLE = "'report-sample'"
+ SELF = "'self'"
+ STRICT_DYNAMIC = "'strict-dynamic'"
+ UNSAFE_EVAL = "'unsafe-eval'"
+ UNSAFE_HASHES = "'unsafe-hashes'"
+ UNSAFE_INLINE = "'unsafe-inline'"
+ WASM_UNSAFE_EVAL = "'wasm-unsafe-eval'"
+
+ NONCE = ""
diff --git a/django-stubs/views/decorators/csp.pyi b/django-stubs/views/decorators/csp.pyi
new file mode 100644
index 000000000..923a3f374
--- /dev/null
+++ b/django-stubs/views/decorators/csp.pyi
@@ -0,0 +1,7 @@
+from collections.abc import Callable
+from typing import Any, TypeVar
+
+_F = TypeVar("_F", bound=Callable[..., Any])
+
+def csp_override(config: dict[str, Any]) -> Callable[[_F], _F]: ...
+def csp_report_only_override(config: dict[str, Any]) -> Callable[[_F], _F]: ...
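Review bot: `NONCE` appears with an empty-string value on the last line of the `utils/csp.pyi` hunk, whereas Django defines it as a non-empty placeholder that the middleware swaps for the per-request nonce (upstream value, to be confirmed, is `"<CSP_NONCE_SENTINEL>"`). Either the stub or this rendering of the patch has lost the literal; if the stub really holds `""`, the inferred literal type of `CSP.NONCE` is wrong and should be corrected. Django's module also seems to export `LazyNonce` and `build_policy`, neither of which is stubbed here, so code importing them would fail type checking until they are added.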
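Review bot: Neither decorator in `views/decorators/csp.pyi` says what an empty `config` means, and that is the one security-relevant case a reader cannot infer from `dict[str, Any]`. As I read Django's documentation, `csp_override({})` switches the enforced header off for the decorated view; please confirm against the 6.0 docs. If so, I would add a one-line comment above `csp_override`, e.g. `# An empty dict disables the Content-Security-Policy header for the decorated view.`, with the matching line for `csp_report_only_override`, so that a policy-weakening call stands out in review.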