Easier integration with CSP #78

Open
jaycle opened this issue Oct 27, 2023 · 0 comments
jaycle commented Oct 27, 2023

  • django-json-widget version: master branch (32c6acf)
  • Django version: 4.2
  • Python version: 3.11
  • Operating System: Linux/OSX

Description

Our site requires a Content Security Policy and uses django-csp to implement this. One restriction is that inline scripts must have a nonce. Since this library makes use of an inline script to wire up JSONEditor to the form fields in the Widget, we are unable to use the library as is.

What I Did

Since request is not available to the context of a Widget, my first attempt to fix was by extending the provided Widget and adding nonce to a custom template. Ultimately, I was able to work around by providing a separate script that lives at the page level. I'll be happy to put together a PR to fix if interested in this more generally.
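
Added example, not part of the original issue or of django-json-widget's code: a standard-library Python check that reports which inline scripts in rendered HTML a nonce-based `script-src` policy would block, and shows that the same markup passes once the script carries the response nonce. The widget markup, the static path and all function names are constructed for illustration.

```python
import secrets
from html.parser import HTMLParser

# Constructed markup for illustration, not the library's actual template output.
WIDGET_HTML = """<textarea id="id_data" name="data">{}</textarea>
<script src="/static/jsoneditor.min.js"></script>
<script>
  new JSONEditor(document.getElementById("id_data_editor"), {});
</script>"""

def csp_header(nonce):
    # No 'unsafe-inline': an inline <script> runs only if its nonce matches.
    return f"script-src 'self' 'nonce-{nonce}'"

class InlineScriptAudit(HTMLParser):
    """Collect inline <script> blocks that lack the expected nonce."""
    def __init__(self, nonce):
        super().__init__()
        self.nonce = nonce
        self.blocked = []     # (line number, first 40 chars of script body)
        self._pending = None  # line of a nonce-less inline script being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Scripts with src are matched against the source list ('self'), not the nonce.
        if tag == "script" and "src" not in attrs and attrs.get("nonce") != self.nonce:
            self._pending = self.getpos()[0]

    def handle_data(self, data):
        if self._pending is not None and data.strip():
            self.blocked.append((self._pending, data.strip()[:40]))
            self._pending = None

    def handle_endtag(self, tag):
        if tag == "script":
            self._pending = None

def blocked_inline_scripts(html, nonce):
    audit = InlineScriptAudit(nonce)
    audit.feed(html)
    audit.close()
    return audit.blocked

def with_nonce(html, nonce):
    # Stand-in for a template that renders the per-request nonce on the tag.
    return html.replace("<script>", f'<script nonce="{nonce}">')

if __name__ == "__main__":
    nonce = secrets.token_urlsafe(16)  # must be fresh for every response
    print(csp_header(nonce))
    print("blocked as rendered:", blocked_inline_scripts(WIDGET_HTML, nonce))
    print("blocked with nonce: ", blocked_inline_scripts(with_nonce(WIDGET_HTML, nonce), nonce))
```
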
