GSoC'24 Proposal: [Security] Bring CORS & CSP into core


I am Kuldeep, an aspiring software engineer from India with an interest in contributing to Django this GSoC (2024). I have chosen a project from the pre-defined list of ideas posted by the Django community, which goes by the name ‘Security: Bring CORS and CSP into the core’.

I have prepared a draft proposal for the same (only CORS so far) by digging into how the HTTP request-response pipeline works in Django, how the middlewares are hooked to it and how decorators make the customisations easier for end developers. I would appreciate it if you took a look at my proposal, which can be visited here. Any feedback on the same, or resources that you would like me to go through while writing CORS and CSP middlewares, even after the proposal submission deadline passes, are also duly appreciated 🙂

However, I have a couple of questions regarding the submission (I’m aware it’s too late to ask, apologies 🥲).

  • Are single implementations like ‘A proposal to bring only CORS into core’ entertained?
  • If yes, what would be the project size for such a project?

Thanks in advance, cheers!