mozilla / django-csp

Content Security Policy for Django.
https://django-csp.readthedocs.io/en/latest/
BSD 3-Clause "New" or "Revised" License

[Beta] Report percentage cannot be smaller than 1% #230

Open janbrasna opened 1 week ago

janbrasna commented 1 week ago

Previously django-csp<4 had float values 0–1 that allowed for fractions or setting the reporting percentage below 1% generally. Now it is 0–100 in 4.0b1:

REPORT_PERCENTAGE

  • Percentage of requests that should see the report-uri directive. Use this to throttle the number of CSP violation reports made to your report-uri. An integer between 0 and 100 (0 = no reports at all). Ignored if report-uri isn’t set.

The migration assistant does round(n*100), so if originally the sample was 0.25% this would round it to 0, effectively turning off reporting. (Sure, it's for the consumers to figure this out! The migration is just a help; it still should be reviewed manually to catch similar issues…)

Is there a technical limitation to keep the new % value only as an integer from now on? A high-traffic site may make use of reporting settings smaller than 1% [e.g.], so allowing floats would actually solve <1% values generally, and also allow keeping the same sample size when migrating from previous versions.
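The rounding problem the comment describes, reproduced as an added, stand-alone illustration (this is not django-csp's own migration or middleware code, and the function names `migrate_report_percentage_int`, `migrate_report_percentage_float`, `should_report` and `observed_rate` are constructed for this example). It contrasts the `round(n*100)` migration with a float-preserving one, and samples a simulated request stream so the effect on the actual reporting rate is visible rather than inferred.

```python
import random


def migrate_report_percentage_int(old_fraction: float) -> int:
    """Integer migration as described in the issue: round(n * 100).

    Note that Python's round() is round-half-to-even, so 0.005 (0.5%)
    also collapses to 0, not only values strictly below 0.5%.
    """
    return round(old_fraction * 100)


def migrate_report_percentage_float(old_fraction: float) -> float:
    """Float-preserving alternative: keep the fraction as a percentage
    without rounding, so 0.0025 stays 0.25 instead of becoming 0."""
    return old_fraction * 100


def should_report(report_percentage: float, rng: random.Random) -> bool:
    """Per-request sampling decision on a 0-100 scale (a float works
    as well as an int here; there is no need to restrict to integers).

    0 means never emit report-uri, 100 means always.
    """
    if report_percentage <= 0:
        return False
    if report_percentage >= 100:
        return True
    return rng.random() * 100 < report_percentage


def observed_rate(report_percentage: float, requests: int, seed: int = 0) -> float:
    """Simulate `requests` requests with a seeded RNG and return the
    fraction (0-1) that would have carried the report-uri directive."""
    rng = random.Random(seed)
    hits = sum(1 for _ in range(requests) if should_report(report_percentage, rng))
    return hits / requests


if __name__ == "__main__":
    old = 0.0025  # constructed: a pre-4.0 setting meaning 0.25% of requests
    as_int = migrate_report_percentage_int(old)
    as_float = migrate_report_percentage_float(old)
    print(f"round({old}*100) -> {as_int}   (reporting disabled)")
    print(f"{old}*100        -> {as_float} (0.25% preserved)")
    print("observed rate, int migration:  ", observed_rate(as_int, 100_000))
    print("observed rate, float migration:", observed_rate(as_float, 100_000))
```

With 100,000 simulated requests the integer migration produces zero reports, while the float value yields roughly 0.25% of them, which is the behaviour the original 0-1 setting expressed.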

janbrasna commented 1 week ago

(Actually the whole rate-limiting is a separate contrib middleware… Wouldn't it be worth folding it into the core code to make it easier to adopt?)