Easier integration with CSP
jaycle commented
- django-json-widget version: master branch (32c6acf
- Django version: 4.2
- Python version: 3.11
- Operating System: Linux/OSX
Description
Our site requires a Content Security Policy and uses django-csp to implement this. One restriction is that inline scripts must have a nonce. Since this library makes use of an inline script to wire up JSONEditor to the form fields in the Widget, we are unable to use the library as is.
What I Did
Since request is not available to the context of a Widget, my first attempt to fix was by extending the provided Widget and adding nonce to a custom template. Ultimately, I was able to work around by providing a separate script that lives at the page level. I'll be happy to put together a PR to fix if interested in this more generally.
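The restriction described in this issue can be checked against rendered HTML before deployment. The following is an added example, not code from the issue author or from django-json-widget: it lists the inline scripts that a nonce-based `script-src` policy would refuse. The policy string, the page markup, `initEditor` and `/static/page-level.js` are constructed for illustration, and the check assumes the policy relies on nonces only (no hash sources).

```python
from html.parser import HTMLParser

JS_TYPES = {"", "text/javascript", "application/javascript", "module"}


def script_nonces(csp_header):
    """Nonces allowed for scripts: taken from script-src, else default-src."""
    directives = {}
    for part in csp_header.split(";"):
        tokens = part.split()
        if tokens:  # the first occurrence of a directive wins, as in CSP itself
            directives.setdefault(tokens[0].lower(), tokens[1:])
    sources = directives.get("script-src", directives.get("default-src", []))
    return {s[7:-1] for s in sources
            if s.startswith("'nonce-") and s.endswith("'") and len(s) > 8}


class InlineScriptAudit(HTMLParser):
    """Record inline <script> tags whose nonce is absent or not in the policy."""

    def __init__(self, allowed):
        super().__init__()
        self.allowed = allowed
        self.blocked = []  # line numbers of scripts the browser would refuse

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = {k: (v or "") for k, v in attrs}
        if "src" in a or a.get("type", "").strip().lower() not in JS_TYPES:
            return  # external file, or a non-executed data block such as JSON
        if a.get("nonce", "") not in self.allowed:
            self.blocked.append(self.getpos()[0])


def blocked_inline_scripts(html, csp_header):
    """Return the line numbers of inline scripts the policy would block."""
    audit = InlineScriptAudit(script_nonces(csp_header))
    audit.feed(html)
    audit.close()
    return audit.blocked


# Constructed sample: a nonce policy and a rendered form page with four scripts.
CSP = "default-src 'self'; script-src 'self' 'nonce-r4nd0mPerRequest'"
PAGE = """<form><div id="id_data"></div>
<script>initEditor("id_data");</script>
<script nonce="r4nd0mPerRequest">initEditor("id_other");</script>
<script src="/static/page-level.js"></script>
<script type="application/json" id="cfg">{"mode": "tree"}</script>
</form>"""
```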