author | Jelle van der Waa <jelle@vdwaa.nl> | 2019-01-29 16:42:54 +0100 |
---|---|---|
committer | Jelle van der Waa <jelle@archlinux.org> | 2019-02-18 16:42:51 +0100 |
commit | 3525458926dfa47e6c7bcedb4304cc243e78d47a (patch) | |
tree | 413b8c898c71fd6a07c797193768eaaf0071e80a /templates/news/add.html | |
parent | 6b22bedd82ae69a54f15c2f5f64f9f3945e5fb43 (diff) |
Implement CSP for archweb
Add django-csp as dependency to be able to set CSP inside django's
settings and allow setting a CSP_NONCE for inline <script>'s in
templates. Since archweb heavily uses this pattern it's the best
compromise.
Diffstat (limited to 'templates/news/add.html')
-rw-r--r-- | templates/news/add.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/news/add.html b/templates/news/add.html index 51094659..f171b503 100644 --- a/templates/news/add.html +++ b/templates/news/add.html @@ -35,7 +35,7 @@ </div> {% load cdn %}{% jquery %} <script type="text/javascript" src="{% static "archweb.js" %}"></script> -<script type="text/javascript"> +<script type="text/javascript" nonce={{ CSP_NONCE }}> $(document).ready(enablePreview); </script> {% endblock %} |
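Review bot: The `nonce` attribute on the changed `<script>` line is unquoted (`nonce={{ CSP_NONCE }}`); write it as `nonce="{{ CSP_NONCE }}"`. Nonces are commonly base64 and can contain `=`, `+` and `/`, and an unquoted value also renders as `nonce=>` if the variable is ever empty or missing from the template context, in which case the inline `$(document).ready(enablePreview);` block would be rejected by the policy without any template error. The hunk does not show where `CSP_NONCE` is put into the context, so it is worth confirming that every view rendering `templates/news/add.html` goes through whatever provides it.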