Guidance for Content Security Policy compatibility

[thibaudcolas]

Thank you to everyone who has submitted proposals for our Content Security Policy compatibility project idea so far!

Here is some additional guidance on how to improve your proposals, based on questions we received, and what we saw in the proposals.

Structure

Proposals are free-form, any structure is allowed. If you’re not sure where to start, we would recommend a structure that helps address all components of the project:

• Addressing any remaining CSP issues in Wagtail.
• Providing official recommendations for compatible CSP settings.
• Ensuring essential functionality works with a strict CSP.
• Documenting or backlogging all CSP-related issues.
• Adding a strict CSP to wagtail.org.

This can be in the form of multiple sections, or one project timeline with tasks that cover all relevant sections, or a mixture of both.

Length

The shorter the better. We recommend a maximum of 5 pages.

• One to introduce yourself, broadly showcase your experience (linking to external resources is recommended), explain your motivation.
• 2-3 to explain your take on your project

Writing longer proposals is allowed but generally won’t help. Our reviewers have limited time and brevity is encouraged.

AI writing for proposals

Writing with an AI is completely fine. Be mindful not to abuse it, as we care much more about your understanding of the project than the correctness of your english writing. Use of AI helps a lot with english writing but can result in project plans that don’t match reality and give reviewers the wrong impression on your degree of understanding of the work needed.

How to make your proposal stand out

From what we have reviewed so far, proposals are most low on details on the following points of the project.

Ensuring essential functionality works with a strict CSP

This would be in the form of either new processes for contributors to test their work, or automated tools / tests to check for CSP issues over time. Few proposals mention how they would do this, so I would recommend investing time in reviewing how other projects do this, and proposing tools or techniques to meet this goal.

Official recommendations in an evolving landscape

django-csp recently released their version 4. We would need to heavily review how the package has evolved to adapt any recommendations.

Stretch goals

If you believe the project is too narrow in scope, here are recommendations on ways to extend it. Those don’t have to be firm plans in any proposals, but they can be acknowledged and expanded on if you believe there is room:

• CSP support for other Wagtail properties – guide.wagtail.org, docs.wagtail.org
• CSP support in Wagtail packages

---

If you have further questions that aren’t covered above feel free to ask them here – you can update any submitted proposals right up until the deadline for GSoC. And we will review proposals and questions here as they come until that deadline. Only submitted proposals will be considered for our final selection – make sure to re-submit within the GSoC platform.

[thibaudcolas]

We’ve received 16 proposals for this project :) Thank you to everyone who gave this a go. The results will be announced on the 8th of May per the GSoC timeline!