pallets-eco / flask-admin

Simple and extensible administrative interface framework for Flask
https://flask-admin.readthedocs.io
BSD 3-Clause "New" or "Revised" License

Add in Content Security Policy "nonce" support. #2349

Closed mchineboy closed 8 months ago

mchineboy commented 1 year ago

Relies on Flask-Talisman for setting up the csp_nonce() jinja function.

Otherwise, just places a lambda that returns an empty string.

alanhamlett commented 8 months ago

The inline script problem can be solved without adding new dependencies on Tailwind and Flask-Talisman. I don't think we're ready for such a large change to this project, but without those I'll be willing to merge a PR that only fixes the inline script bug.
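The fallback described in the PR description, as an added example in plain Jinja2 (not code from this PR or from flask-admin). `make_env`, `ResponseNonce`, `render` and the template string are hypothetical names, and `ResponseNonce` is a stand-in for the nonce source a CSP extension would provide.

```python
import secrets

from jinja2 import Environment

# Constructed template: an inline script tagged with the per-response nonce.
INLINE_SCRIPT = '<script nonce="{{ csp_nonce() }}">init();</script>'


def make_env(nonce_provider=None):
    """Build a Jinja environment that always exposes csp_nonce().

    nonce_provider is a hypothetical stand-in for whatever a CSP extension
    registers as csp_nonce; None means no such extension is present.
    """
    env = Environment(autoescape=True)
    if nonce_provider is not None:
        env.globals["csp_nonce"] = nonce_provider
    # Fallback: a lambda returning an empty string, registered only when
    # nothing else has already claimed the name.
    env.globals.setdefault("csp_nonce", lambda: "")
    return env


class ResponseNonce:
    """One random nonce per response, shared by the header and the markup."""

    def __init__(self):
        # 16 random bytes, base64url-encoded (valid characters for a CSP nonce).
        self.value = secrets.token_urlsafe(16)

    def __call__(self):
        return self.value

    def header(self):
        # Value for the Content-Security-Policy response header.
        return f"script-src 'self' 'nonce-{self.value}'"


def render(nonce_provider=None):
    """Render the inline script with or without a nonce provider."""
    return make_env(nonce_provider).from_string(INLINE_SCRIPT).render()
```

With the fallback the tag renders as `nonce=""`, which matches no `'nonce-...'` source, so the inline script is still blocked under an enforced nonce-based policy. The fallback only keeps the templates rendering when no CSP extension is installed.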