Open some1ataplace opened 1 year ago
It could be nice to mark them too in this documentation, would you like to submit a PR?
Looking at the MDN pages vs our latest/3.7 documentation, I see the following directives are deprecated and/or need some sorting out.

| Rule | Docs | Note | Drop or keep? | Target release |
|---|---|---|---|---|
| CSP_BLOCK_ALL_MIXED_CONTENT | MDN docs | Warning: This directive is marked as obsolete in the specification: all mixed content is now blocked if it can't be autoupgraded. | Deprecate in 3.8 docs; remove in 3.10/4.0 | 3.8, 3.10/4.0 |
| CSP_PLUGIN_TYPES | MDN docs | This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future. | Keep and add note to django-csp documentation | 3.8 |
| CSP_PREFETCH_SRC | MDN docs | As above | As above | 3.8 |
| CSP_REPORT_URI | MDN docs | Warning: Though the report-to directive is intended to replace the deprecated report-uri directive, report-to isn't supported in most browsers yet. So for compatibility with current browsers while also adding forward compatibility when browsers get report-to support, you can specify both report-uri and report-to: | Keep and update docs | 3.8 |

@robhudson Before I go and make the changes slated for 3.8, would you mind seeing if you agree here?
The items tagged 3.8, above, have updated documentation now. Keeping this issue open for the one tagged 3.9
@stevejalim Anything else needed for this issue?
The documentation has a lot of deprecated features.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy