|
18 | 18 | import zlib |
19 | 19 | from functools import lru_cache, wraps |
20 | 20 | from typing import Optional |
| 21 | +from importlib.metadata import version, PackageNotFoundError |
21 | 22 |
|
22 | 23 | from django.conf import settings |
23 | 24 | from django.core.exceptions import ImproperlyConfigured |
@@ -255,22 +256,19 @@ def _django_csp_update_decorator(): |
255 | 256 | else: |
256 | 257 | # autosubmit of forms uses nonce per default |
257 | 258 | # form-action https: to send data to IdPs |
258 | | - |
259 | 259 | # Check django-csp version to determine the appropriate format |
260 | 260 | try: |
261 | | - version = getattr(csp, "__version__", "0.0") |
262 | | - major_version = int(version.split(".")[0]) |
263 | | - |
| 261 | + csp_version = version('django-csp') |
| 262 | + major_version = int(csp_version.split('.')[0]) |
| 263 | + |
264 | 264 | # Version detection successful |
265 | 265 | if major_version >= 4: |
266 | 266 | # django-csp 4.0+ uses dict format with named 'config' parameter |
267 | 267 | return csp_update(config={"form-action": ["https:"]}) |
268 | | - else: |
269 | | - # django-csp < 4.0 uses kwargs format |
270 | | - return csp_update(FORM_ACTION=["https:"]) |
271 | | - except (AttributeError, ValueError, IndexError): |
| 268 | + # django-csp < 4.0 uses kwargs format |
| 269 | + return csp_update(FORM_ACTION=["https:"]) |
| 270 | + except (PackageNotFoundError, ValueError, RuntimeError, AttributeError, IndexError): |
272 | 271 | # Version detection failed, we need to try both formats |
273 | | - |
274 | 272 | # Try v4.0+ style first because: |
275 | 273 | # 1. It has better error handling with clear messages |
276 | 274 | # 2. Newer versions are more likely to be supported in the future |
|
0 commit comments