
Set the draft security HTTP header Feature-Policy on your Django app.

This project has been archived.

The maintainers of this project have marked this project as archived. No new releases are expected.

Project description

django-feature-policy


Requirements

Tested with all combinations of:

  • Python: 3.6

  • Django: 2.0, 2.1

Python 3.4+ supported.

Installation

Install with pip:

pip install django-feature-policy

Then add the middleware, ideally after Django’s SecurityMiddleware, since that middleware similarly adds security headers that you’ll want on every response:

MIDDLEWARE = [
  ...
  'django.middleware.security.SecurityMiddleware',
  'django_feature_policy.FeaturePolicyMiddleware',
  ...
]

By default no header will be set. Configure the setting as described below.

Setting

Change the FEATURE_POLICY setting to configure what Feature-Policy header gets set.

This should be a dictionary laid out with:

  • Keys as the names of browser features - a full list is available on the W3 Spec repository. The MDN article is also worth reading.

  • Values as lists of strings, where each string is either an origin, e.g. 'https://example.com', or one of the special values 'self', 'none', or '*'. If there is just one value, no containing list is necessary. Note that in the header, special values like 'none' include single quotes around them. Do not include these quotes in your Python string; they will be added by the middleware.

If the keys or values are invalid, ImproperlyConfigured will be raised at instantiation time, or when processing a response. The current feature list is pulled from the JavaScript API with document.featurePolicy.allowedFeatures() on Chrome.

Examples

Disable geolocation from running in the current page and any iframe:

FEATURE_POLICY = {
    'geolocation': 'none',
}

Allow autoplay from the current origin and iframes from https://archive.org:

FEATURE_POLICY = {
    'autoplay': ['self', 'https://archive.org'],
}
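To show what the two settings above look like on the wire, here is a stand-alone sketch that serialises a FEATURE_POLICY-style dictionary into a header value using the Feature-Policy syntax. It is an added example, not django-feature-policy's own code: render_feature_policy, KNOWN_FEATURES, the origin check and the use of ValueError (in place of ImproperlyConfigured) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed subset of feature names, all mentioned on this page.
KNOWN_FEATURES = {"autoplay", "document-domain", "geolocation", "wake-lock"}
QUOTED_KEYWORDS = {"self", "none"}  # serialised with single quotes


def _is_origin(value):
    """Assumed check: scheme://host[:port] with nothing after it."""
    parts = urlsplit(value)
    return bool(parts.scheme and parts.netloc) and not (
        parts.path or parts.query or parts.fragment
    )


def render_feature_policy(policy):
    """Build a Feature-Policy header value from a FEATURE_POLICY-style dict."""
    directives = []
    for feature, values in sorted(policy.items()):
        if feature not in KNOWN_FEATURES:
            raise ValueError(f"unknown feature: {feature!r}")
        if isinstance(values, str):  # a single value needs no list
            values = [values]
        if not values:
            raise ValueError(f"empty allowlist for {feature!r}")
        if "none" in values and len(values) > 1:
            raise ValueError(f"'none' cannot be combined for {feature!r}")
        allowlist = []
        for value in values:
            if value in QUOTED_KEYWORDS:
                allowlist.append(f"'{value}'")  # quotes are added here
            elif value == "*" or _is_origin(value):
                allowlist.append(value)
            else:  # also catches pre-quoted input such as "'none'"
                raise ValueError(f"invalid value for {feature!r}: {value!r}")
        directives.append(f"{feature} {' '.join(allowlist)}")
    return "; ".join(directives)


if __name__ == "__main__":
    print(render_feature_policy({"geolocation": "none"}))
    print(render_feature_policy({"autoplay": ["self", "https://archive.org"]}))
```

Writing the quotes yourself, as in "'none'", is rejected here because the quoted string is neither a keyword nor an origin.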

History

Pending release

2.0.0 (2019-03-29)

  • Updated to the latest set of features from Chrome. ‘animations’, ‘image-compression’, and ‘max-downscaling-image’ have been removed, whilst ‘document-domain’, ‘font-display-late-swap’, ‘layout-animations’, ‘oversized-images’, ‘unoptimized-images’, and ‘wake-lock’ have been added. See more at https://github.com/w3c/webappsec-feature-policy/blob/master/features.md.

1.0.1 (2019-01-02)

1.0.0 (2018-10-24)

  • First release, supporting adding the header with a middleware.
