Disable notice regarding django-csp

[GertBurger]

Is there a way to disable the notice regarding django-csp when it is not in use and CSP is managed via another mechanism?

WARNING [djangosaml2:90] django-csp could not be found, not updating Content-Security-Policy. Please make sure CSP is configured at least by httpd or setup django-csp. See https://djangosaml2.readthedocs.io/contents/security.html#content-security-policy for more information

FYI, the link is also broken.

[peppelinux]

mhh.. probably the CD of the docs has some problem, I have to check.

generally that warning is for security reason

you can configure pylogging, by saying that that specific part of the code, when produces a warning, it could be sent to dev null, for example

[GertBurger]

Via a logging.Filter()? That seems a bit excessive just to remove a warning about an optional dependency that is not required when CSP is managed via a different mechanism.

That log output is on the djangosaml2 logger name with all other logging output from this library, so adjusting the level of it to filter out warnings will also affect valuable logging output.

Were you thinking of a different method?

For now I'll just patch out the csp module namespace with a dummy.

[peppelinux]

we can move this

djangosaml2/djangosaml2/views.py

Line 90 in 169fc48

logger.warning("django-csp could not be found, not updating Content-Security-Policy. Please "

into another file and import it where we want, then and configure this
https://github.com/IdentityPython/djangosaml2/blob/master/tests/settings.py#L144

to ignore the warning raised in that file

OR

we can create a settings parameter to disable that specific warning, by default the warning is raised.

[GertBurger]

Another option to consider is a setting that points to the CSP handler, which by default can be the django-csp one. Allowing the user to specify their own or disable the feature.

One can then still emit the current log entry if the default value for the setting is set but django-csp is not installed.

Just a thought, either of the ways you mentioned would work fine for us.

[peppelinux]

could you please provide a PR with your preferred approach, we'll do a revision and a new release together