Our site requires a Content Security Policy and uses django-csp to implement this. One restriction is that inline scripts must have a nonce. Since this library makes use of an inline script to wire up JSONEditor to the form fields in the Widget, we are unable to use the library as is.
What I Did
Since request is not available to the context of a Widget, my first attempt to fix was by extending the provided Widget and adding nonce to a custom template. Ultimately, I was able to work around by providing a separate script that lives at the page level. I'll be happy to put together a PR to fix if interested in this more generally.
Description
Our site requires a Content Security Policy and uses django-csp to implement this. One restriction is that inline scripts must have a nonce. Since this library makes use of an inline script to wire up
JSONEditor
to the form fields in the Widget, we are unable to use the library as is.What I Did
Since
request
is not available to the context of a Widget, my first attempt to fix was by extending the provided Widget and adding nonce to a custom template. Ultimately, I was able to work around by providing a separate script that lives at the page level. I'll be happy to put together a PR to fix if interested in this more generally.