Django

Django: Security and Query Performance Updates

Django merged two significant pull requests addressing Content Security Policy support in admin templates and fixing a query ordering regression in combined database queries.

Duration: 1 minute 44 seconds

https://podlog.io/listen/django-b4aa223e/episode/django-security-and-query-performance-updates-9783d9c8

Transcript

Good morning, this is your Django development briefing for Thursday, May 19th, 2026.

Two key pull requests were merged yesterday addressing security and database performance issues.

Johannes Maron merged PR #21270, which implements Content Security Policy nonce support across Django's admin interface. This comprehensive update touches 22 files, adding CSP nonce tags to script, link, and style elements in admin templates including login pages, change forms, and error pages. The change improves security compliance for applications using Content Security Policy headers.

Jacob Walls merged PR #21277, fixing a regression in query ordering for combined database queries. The issue involved the clear_ordering method not properly clearing ordering on union, intersection, and difference queries recursively. This fix ensures that unnecessary ordering is properly removed from nested combined queries, which improves database performance and prevents potential SQL errors.

The merged changes include four additional commits that implement the core functionality. The CSP nonce implementation required updates to base admin templates and forms, while the query ordering fix involved modifications to Django's ORM compiler and query handling logic.

What's next: These changes strengthen Django's security posture with better CSP support and resolve database query performance issues that could affect complex applications using combined querysets.

That's your Django briefing for today. Stay updated with the latest development activity.
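Added example, not part of the episode and not Django's own code: a small audit that checks whether the script, style and stylesheet link elements in a rendered page carry a nonce listed in the response's Content-Security-Policy header, which is the property the admin template change described above is meant to provide. The header, markup, paths and nonce values are constructed samples, and the function names are hypothetical.

```python
import re
from html.parser import HTMLParser

NONCE_RE = re.compile(r"'nonce-([A-Za-z0-9+/_=-]+)'")
# CSP fallback order: the first directive present in the policy governs the element.
CHAINS = {"script": ("script-src-elem", "script-src", "default-src"),
          "style": ("style-src-elem", "style-src", "default-src")}

def policy_nonces(csp_header):
    """Map every directive in the header to the set of nonces it allows."""
    policy = {}
    for directive in csp_header.split(";"):
        parts = directive.split()
        if parts:  # a repeated directive is ignored, as browsers do
            policy.setdefault(parts[0].lower(), set(NONCE_RE.findall(" ".join(parts[1:]))))
    return policy

class NonceAudit(HTMLParser):
    def __init__(self, policy):
        super().__init__()
        self.policy, self.findings = policy, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        is_css_link = tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split()
        kind = "style" if is_css_link else tag
        governing = next((d for d in CHAINS.get(kind, ()) if d in self.policy), None)
        if governing is None:
            return  # not a nonce-bearing element, or the policy does not restrict it
        nonce = attrs.get("nonce")
        if nonce not in self.policy[governing]:
            problem = "nonce not in " + governing if nonce else "no nonce attribute"
            self.findings.append((self.getpos()[0], tag, problem))

def audit(csp_header, html):
    """Return (line, tag, problem) for elements not covered by a header nonce."""
    parser = NonceAudit(policy_nonces(csp_header))
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample response, not taken from Django's admin templates.
SAMPLE_HEADER = "default-src 'self'; script-src 'self' 'nonce-abc123'; style-src 'self' 'nonce-abc123'"
SAMPLE_HTML = """<link rel="stylesheet" href="/static/a.css" nonce="abc123">
<link rel="icon" href="/favicon.ico">
<style>body { margin: 0 }</style>
<script nonce="abc123" src="/static/a.js"></script>
<script nonce="stale999">init()</script>"""
```

An element reported as "no nonce attribute" may still load through another source expression such as 'self'; the finding only means the nonce does not cover it.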