Open MarkusH opened 1 year ago
The current kagi/templates/kagi/base.html contains the following content:
kagi/templates/kagi/base.html
<script> window.Kagi = window.Kagi || {}; Kagi.begin_activate = '{% url 'kagi:begin-activate' %}'; Kagi.begin_assertion = '{% url 'kagi:begin-assertion' %}'; Kagi.verify_credential_info = '{% url 'kagi:verify-credential-info' %}'; Kagi.verify_assertion = '{% url 'kagi:verify-assertion' %}'; Kagi.keys_list = '{% url 'kagi:webauthn-keys' %}'; </script>
This is not ideal, when considering adding CSPs to a site. Instead, we should probably use json_script instead:
json_script
{{ kagi_urls | json_script:"kagi-urls" }}
This would then result in:
<script id="kagi-urls" type="application/json"> { "begin_activate": "/kagi/api/begin-activate/", "begin_assertion": "/kagi/api/begin-assertion/", "verify_credential_info": "/kagi/api/verify-credential-info/", "verify_assertion": "/kagi/api/verify-assertion/" } </script>
That said, key_list doesn't appear to be used.
key_list
The current
kagi/templates/kagi/base.html
contains the following content:This is not ideal, when considering adding CSPs to a site. Instead, we should probably use
json_script
instead:This would then result in:
That said,
key_list
doesn't appear to be used.