Previously django-csp<4 had float values 0–1 that allowed for fractions or setting the reporting percentage below 1% generally. Now it is 0–100 in 4.0b1:
REPORT_PERCENTAGE
Percentage of requests that should see the report-uri directive. Use this to throttle the number of CSP violation reports made to your report-uri. An integer between 0 and 100 (0 = no reports at all). Ignored if report-uri isn’t set.
The migration assistant does round(n*100) so if originally the sample was 0.25% this would round it to 0 effectively turning off reporting. (Sure, it's for the consumers to figure this out! The migration is just a help, it still should be reviewed manually to catch similar issues…)
Is there a technical limitation to keep the new %% value only as integer from now on? A high traffic site may make use of reporting settings smaller than 1% [e.g.] so allowing floats would actually solve <1% values generally, and also allow keeping the same sample size migrating from previous versions.
Previously
django-csp<4
had float values 0–1 that allowed for fractions or setting the reporting percentage below 1% generally. Now it is 0–100 in4.0b1
:The migration assistant does
round(n*100)
so if originally the sample was 0.25% this would round it to 0 effectively turning off reporting. (Sure, it's for the consumers to figure this out! The migration is just a help, it still should be reviewed manually to catch similar issues…)Is there a technical limitation to keep the new %% value only as integer from now on? A high traffic site may make use of reporting settings smaller than 1% [e.g.] so allowing floats would actually solve <1% values generally, and also allow keeping the same sample size migrating from previous versions.