diff options
| author | Jelle van der Waa <jelle@vdwaa.nl> | 2019-01-29 16:42:54 +0100 |
|---|---|---|
| committer | Jelle van der Waa <jelle@archlinux.org> | 2019-02-18 16:42:51 +0100 |
| commit | 3525458926dfa47e6c7bcedb4304cc243e78d47a (patch) | |
| tree | 413b8c898c71fd6a07c797193768eaaf0071e80a /templates/public | |
| parent | 6b22bedd82ae69a54f15c2f5f64f9f3945e5fb43 (diff) | |
| download | archweb-3525458926dfa47e6c7bcedb4304cc243e78d47a.tar.gz archweb-3525458926dfa47e6c7bcedb4304cc243e78d47a.zip | |
Implement CSP for archweb
Add django-csp as dependency to be able to set CSP inside django's
settings and allow setting a CSP_NONCE for inline <script>'s in
templates. Since archweb heavily uses this pattern it's the best
compromise.
Diffstat (limited to 'templates/public')
| -rw-r--r-- | templates/public/keys.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/templates/public/keys.html b/templates/public/keys.html index 37d5b232..978abaab 100644 --- a/templates/public/keys.html +++ b/templates/public/keys.html @@ -139,7 +139,7 @@ <script type="text/javascript" src="{% static "d3-3.0.6.min.js" %}"></script> <script type="text/javascript" src="{% static "archweb.js" %}"></script> <script type="text/javascript" src="{% static "visualize.js" %}"></script> -<script type="text/javascript"> +<script type="text/javascript" nonce={{ CSP_NONCE }}> $(document).ready(function() { $("#key-status").tablesorter({ sortLocaleCompare: true, |