makinacorpus / django-leaflet

Use Leaflet in your Django projects
GNU Lesser General Public License v3.0

Make django-leaflet compatible with CSP #371

Closed: maxfenv closed 6 months ago

maxfenv commented 7 months ago

This PR makes django-leaflet (hopefully) compatible with CSP. I initially intended to do this by removing all inline styles and scripts, but quickly found that approach to not be easily workable. I just couldn't see my way to doing it in the context of having multiple maps on one page.

Instead I started adding an optional 'csp_nonce' to tags that cause inline styles to be rendered.

This work builds on top of that started by @rodolvbg in #337.
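An added example, not code from this PR or from django-leaflet: a per-response nonce shared by several maps on one page, plus an audit of the rendered HTML for inline blocks a nonce-based CSP would still refuse. `render_map`, `initMap` and `audit` are hypothetical names; the real tags and their `csp_nonce` handling may differ.

```python
import secrets
from html.parser import HTMLParser

def make_nonce():
    # Fresh, unpredictable value for every response; never reuse across requests.
    return secrets.token_urlsafe(16)

def csp_header(nonce):
    src = f"'self' 'nonce-{nonce}'"
    return f"default-src 'self'; script-src {src}; style-src {src}"

def render_map(map_id, nonce=None):
    # Hypothetical stand-in for a template tag that emits inline style and script.
    attr = f' nonce="{nonce}"' if nonce else ""
    return (f'<style{attr}>#{map_id} {{ height: 400px; }}</style>'
            f'<div id="{map_id}"></div>'
            f'<script{attr}>initMap("{map_id}");</script>')

class InlineAudit(HTMLParser):
    """Collect inline content that the nonce-based policy above would block."""
    def __init__(self, nonce):
        super().__init__()
        self.nonce = nonce
        self.blocked = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inline_block = tag == "style" or (tag == "script" and "src" not in a)
        if inline_block and a.get("nonce") != self.nonce:
            self.blocked.append(tag)
        # A nonce only covers <script>/<style> elements, never attributes.
        if "style" in a:
            self.blocked.append(f"{tag}[style]")
        self.blocked += [f"{tag}[{k}]" for k in a if k.startswith("on")]

def audit(html, nonce):
    parser = InlineAudit(nonce)
    parser.feed(html)
    parser.close()
    return parser.blocked

if __name__ == "__main__":
    nonce = make_nonce()
    # Constructed page: two maps rendered with the nonce, one rendered without it.
    page = render_map("map1", nonce) + render_map("map2", nonce) + render_map("map3")
    print(csp_header(nonce))
    print(audit(page, nonce))
```

Running the audit over rendered pages in a test suite catches a tag that was missed when the nonce was threaded through, before the browser reports it as a CSP violation.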

maxfenv commented 7 months ago

Addresses #334

Gagaro commented 6 months ago

Thanks for the PR :+1: