diff options
| author | Jelle van der Waa <jelle@vdwaa.nl> | 2019-01-29 16:42:54 +0100 |
|---|---|---|
| committer | Jelle van der Waa <jelle@archlinux.org> | 2019-02-18 16:42:51 +0100 |
| commit | 3525458926dfa47e6c7bcedb4304cc243e78d47a (patch) | |
| tree | 413b8c898c71fd6a07c797193768eaaf0071e80a /templates/mirrors | |
| parent | 6b22bedd82ae69a54f15c2f5f64f9f3945e5fb43 (diff) | |
| download | archweb-3525458926dfa47e6c7bcedb4304cc243e78d47a.tar.gz archweb-3525458926dfa47e6c7bcedb4304cc243e78d47a.zip | |
Implement CSP for archweb
Add django-csp as dependency to be able to set CSP inside django's
settings and allow setting a CSP_NONCE for inline <script>'s in
templates. Since archweb heavily uses this pattern it's the best
compromise.
Diffstat (limited to 'templates/mirrors')
| -rw-r--r-- | templates/mirrors/mirror_details.html | 2 | ||||
| -rw-r--r-- | templates/mirrors/mirrors.html | 2 | ||||
| -rw-r--r-- | templates/mirrors/status.html | 2 | ||||
| -rw-r--r-- | templates/mirrors/url_details.html | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/templates/mirrors/mirror_details.html b/templates/mirrors/mirror_details.html index 0c0d5559..05a4b0da 100644 --- a/templates/mirrors/mirror_details.html +++ b/templates/mirrors/mirror_details.html @@ -115,7 +115,7 @@ <script type="text/javascript" src="{% static "d3-3.0.6.min.js" %}"></script> <script type="text/javascript" src="{% static "archweb.js" %}"></script> <script type="text/javascript" src="{% static "mirror_status.js" %}"></script> -<script type="text/javascript"> +<script type="text/javascript" nonce={{ CSP_NONCE }}> $(document).ready(function() { $("#available_urls:has(tbody tr)").tablesorter( {widgets: ['zebra'], sortList: [[1,0], [2,0]], diff --git a/templates/mirrors/mirrors.html b/templates/mirrors/mirrors.html index 7da11268..55eb0f8c 100644 --- a/templates/mirrors/mirrors.html +++ b/templates/mirrors/mirrors.html @@ -47,7 +47,7 @@ </div> {% load cdn %}{% jquery %}{% jquery_tablesorter %} <script type="text/javascript" src="{% static "archweb.js" %}"></script> -<script type="text/javascript"> +<script type="text/javascript" nonce={{ CSP_NONCE }}> $(document).ready(function() { $(".results").tablesorter({widgets: ['zebra'], sortList: [[2,0], [0,0]]}); }); diff --git a/templates/mirrors/status.html b/templates/mirrors/status.html index 39d68460..fb318480 100644 --- a/templates/mirrors/status.html +++ b/templates/mirrors/status.html @@ -77,7 +77,7 @@ {% block script_block %} {% load cdn %}{% jquery %}{% jquery_tablesorter %} <script type="text/javascript" src="{% static "archweb.js" %}"></script> -<script type="text/javascript"> +<script type="text/javascript" nonce={{ CSP_NONCE }}> $(document).ready(function() { var headers = { 4: { sorter: 'duration' }, 5: { sorter: 'mostlydigit' }, 6: { sorter: 'mostlydigit' }, 7: { sorter: 'mostlydigit' }, diff --git a/templates/mirrors/url_details.html b/templates/mirrors/url_details.html index 2454eda4..6e64b08c 100644 --- a/templates/mirrors/url_details.html +++ b/templates/mirrors/url_details.html @@ -64,7 +64,7 @@ {% block script_block %} {% load cdn %}{% jquery %}{% jquery_tablesorter %} <script type="text/javascript" src="{% static "archweb.js" %}"></script> -<script type="text/javascript"> +<script type="text/javascript" nonce={{ CSP_NONCE }}> $(document).ready(function() { $("#check_logs:has(tbody tr)").tablesorter( {widgets: ['zebra'], sortList: [[0,1]], |