adamchainz / django-permissions-policy

Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.
MIT License
98 stars 6 forks

Add type hint for FEATURE_NAMES #290

Closed craiga closed 2 years ago

adamchainz commented 2 years ago

Why? Doesn't Mypy already infer this?

craiga commented 2 years ago

It doesn't for me, though I might be doing something wrong (I'm very new to Mypy).

I have this code to explicitly deny all features:

PERMISSIONS_POLICY: typing.Mapping[str, typing.Iterable[str]] = {
    feature_name: [] for feature_name in django_permissions_policy.FEATURE_NAMES
}

Mypy tells me this:

my_cool_proj/settings.py:123: error: Cannot determine type of "FEATURE_NAMES"

FWIW, I'm using django-permissions-policy==4.9.0 and mypy==0.942.

adamchainz commented 2 years ago

...and does it work with this patch?

Anyway, importing and automatically denying all features is probably not a good idea. The features are changing all the time still and many are experimental and cover unexpected things. It wouldn't surprise me if one day there was a 'javascript' or a 'css' feature 😅. You could easily break a site just by upgrading django-permissions-policy with such code in place.

adamchainz commented 2 years ago

I've merged but do be cautious about disabling all features as above... I'm going to rename the variable to be "private" to discourage this.

craiga commented 2 years ago

Ah yeah, that's a good point. I'll have a think about changing my approach here.

And sorry for the lack of reply here. I've been cramming for an AWS exam I just finished this morning.
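The upgrade risk raised in this thread, as an added example that is not part of the discussion or of the project's code: a policy derived from the library's feature list changes whenever that list grows, while a pinned policy stays fixed and a drift check surfaces new names for review. `RELEASE_A`, `RELEASE_B`, `PINNED_POLICY` and all three functions are hypothetical names, the feature lists are constructed, and `render_header` is a simplified stand-in for header rendering, not the library's implementation.

```python
"""Pinned policy plus a drift check (added example, not project code)."""

# Constructed stand-ins for the library's feature list in two releases.
# "javascript" is the hypothetical future feature mentioned in the thread.
RELEASE_A = ("camera", "geolocation", "microphone")
RELEASE_B = RELEASE_A + ("javascript",)

# Reviewed policy: every entry is a deliberate decision, [] means deny.
PINNED_POLICY = {
    "camera": [],
    "geolocation": ["self"],
    "microphone": [],
}


def deny_all(feature_names):
    """The pattern from the thread: deny whatever names the library lists."""
    return {name: [] for name in feature_names}


def render_header(policy):
    """Simplified Permissions-Policy rendering, for illustration only."""
    parts = []
    for feature, allowlist in sorted(policy.items()):
        # Keywords stay bare; origins are double-quoted.
        tokens = [v if v in ("self", "*") else f'"{v}"' for v in allowlist]
        parts.append(f"{feature}=({' '.join(tokens)})")
    return ", ".join(parts)


def policy_drift(pinned, feature_names):
    """Report names needing a human decision instead of denying them silently."""
    pinned_names, known = set(pinned), set(feature_names)
    return {
        "unreviewed": sorted(known - pinned_names),   # new upstream, no decision yet
        "unsupported": sorted(pinned_names - known),  # pinned but no longer listed
    }


if __name__ == "__main__":
    # The derived policy changes with the release; the pinned one does not.
    print(render_header(deny_all(RELEASE_A)))
    print(render_header(deny_all(RELEASE_B)))
    print(render_header(PINNED_POLICY))
    print(policy_drift(PINNED_POLICY, RELEASE_B))
```

Running `policy_drift` in a test suite or CI job turns a library upgrade into a reviewable diff rather than a silent change to the header sent to browsers.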