otto-torino / django-baton

A cool, modern and responsive django admin application based on bootstrap 5 that brings AI to the Django admin - https://baton.sqrt64.it/
MIT License

Move inline JS to separate files #237

Closed marius-mather closed 1 year ago

marius-mather commented 1 year ago

As mentioned in #234, inline JS prevents setting a more robust Content Security Policy - you need to allow unsafe-inline, which is not recommended.

From what I can see it's fairly straightforward to move the current inline JS in django-baton to separate static files.

For greater security you could potentially look at a solution like django-sri so all static files have integrity hashes attached, but I don't want to make unsolicited changes to introduce new dependencies!
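
The following is an added example, not part of the original thread and not django-baton code: a small audit that lists the template constructs a Content Security Policy without unsafe-inline would block, plus a helper that computes a Subresource Integrity value for a static file. The names `find_inline_js` and `sri_hash` and the sample template are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

JS_TYPES = {"", "text/javascript", "application/javascript", "module"}

class InlineJSFinder(HTMLParser):
    """Records markup that a CSP without 'unsafe-inline' refuses to run."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, detail)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        amap = {name: (value or "") for name, value in attrs}
        # <script> without src is inline; data blocks such as
        # type="application/json" are never executed, so skip them.
        if (tag == "script" and "src" not in amap
                and amap.get("type", "").strip().lower() in JS_TYPES):
            self.findings.append((line, "inline-script", "<script>"))
        for name, value in amap.items():
            if name.startswith("on"):  # onclick, onload, ...
                self.findings.append((line, "event-handler", name))
            elif value.strip().lower().startswith("javascript:"):
                self.findings.append((line, "javascript-url", name))

def find_inline_js(template_source):
    finder = InlineJSFinder()
    finder.feed(template_source)
    finder.close()
    return finder.findings

def sri_hash(content, alg="sha384"):
    """Value for the integrity attribute of a <script src=...> tag."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

# Constructed sample template, not taken from django-baton.
SAMPLE_TEMPLATE = """<html><head>
<script src="{% static 'app/init.js' %}"></script>
<script>window.cfg = {debug: true};</script>
<script type="application/json" id="cfg">{"debug": true}</script>
</head><body>
<a href="javascript:void(0)" onclick="toggle()">Menu</a>
</body></html>"""

if __name__ == "__main__":
    for line, kind, detail in find_inline_js(SAMPLE_TEMPLATE):
        print(f"line {line}: {kind} ({detail})")
    print(sri_hash(b"console.log('moved to a static file');"))
```

Running the audit over a project's template directories before tightening the policy shows which scripts still need to move to static files.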

abidibo commented 1 year ago

Ok @marius-mather, I'll probably add this in the next release, thanks