Content-Security-Policy compatibility #287

bmihelac · 2024-05-26T07:35:24Z

Which version of Django are you using?:

Django 4.2

Which version of django-rosetta are you using?:

0.10.0

Have you looked trough recent issues and checked this isn't a duplicate?

Yes

It would be nice to ditch using inline styles and scripts so that the Django Rosetta admin interface can be used with CSP headers without needing to specify SHA-256 hashes.

The workaround for 0.10.0 is:

CSP_STYLE_SRC += [
    "'sha256-q5rmgt0qnS6vusTX681CxP1llW8fGLSs67L4+dVXYgM='",
    "'sha256-r6dGmfJqBIB7bl4g+OioPKi2r6BGt6yJMK3smPY2W3o='",
    "'unsafe-hashes'",
]
CSP_SCRIPT_SRC += [
    "'sha256-+cShGZPBVbwcgDZxLez6BVyIIip5Ei8dtU08wGULPgA='",
    "'sha256-TcUB1mzXiQO4GxpTRZ0EMpOXKMU3u+n/q1WrgVIcs1I='",
]

mbi · 2024-05-26T07:39:06Z

Yea, I see that could be useful, although not my highest priority at the moment! A PR would be appreciated if you feel like digging into this.

bmihelac · 2024-05-27T12:27:21Z

@mbi Thanks for suggestion. I’ll keep this in mind and see if I can find some time to work on it.

mbi · 2024-06-02T07:21:17Z

Merged, thank you so much!

mbi added the PR welcome 🙏 label May 26, 2024

bmihelac mentioned this issue May 31, 2024

Content-Security-Policy compatibility #288

Merged

3 tasks

mbi closed this as completed Jun 2, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Content-Security-Policy compatibility #287

Content-Security-Policy compatibility #287

bmihelac commented May 26, 2024

mbi commented May 26, 2024

bmihelac commented May 27, 2024

mbi commented Jun 2, 2024

Content-Security-Policy compatibility #287

Content-Security-Policy compatibility #287

Comments

bmihelac commented May 26, 2024

mbi commented May 26, 2024

bmihelac commented May 27, 2024

mbi commented Jun 2, 2024