From e6157cb639231959f280d5ae62e8847b44a9ff84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Carlos=20Rodr=C3=ADguez=20Texidor?=
 <jcrtexidor@gmail.com>
Date: Tue, 13 May 2025 17:26:18 -0300
Subject: [PATCH] utils.py: update CSP handling for django-csp version
 compatibility

---
 djangosaml2/utils.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/djangosaml2/utils.py b/djangosaml2/utils.py
index 3426ec1..7820f54 100644
--- a/djangosaml2/utils.py
+++ b/djangosaml2/utils.py
@@ -18,6 +18,7 @@
 import zlib
 from functools import lru_cache, wraps
 from typing import Optional
+import importlib.metadata
 
 from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured
@@ -254,4 +255,14 @@ def _django_csp_update_decorator():
     else:
         # autosubmit of forms uses nonce per default
         # form-action https: to send data to IdPs
-        return csp_update(FORM_ACTION=["https:"])
+        try:
+            csp_version = importlib.metadata.version("django-csp")
+        except importlib.metadata.PackageNotFoundError:
+            csp_version = "0"
+
+        major_version = int(csp_version.split(".")[0])
+
+        if major_version >= 4:
+            return csp_update({"form-action": ["https:"]})
+        else:
+            return csp_update(FORM_ACTION=["https:"])