sehmaschine / django-grappelli

A jazzy skin for the Django Admin-Interface (official repository).
http://www.grappelliproject.com

Content Security Policy (CSP Support) #1019

Open billy-felton opened 1 year ago

billy-felton commented 1 year ago

Hi All,

We are using Grappelli in our application and are currently updating our Content Security Policy header.

When using the Django CMS with Grappelli it flags up many instances where inline JavaScript and inline CSS are being used, which violates our CSP policy.

I had one approach of updating all the templates to support a "nonce-..." value, as well as restructuring the CSS and scripts to be in their own files, but this would take a lot of work and would be difficult to maintain when a new version of Grappelli is released.

Has anyone else encountered this issue, or does anyone know if this is an issue currently being worked on?

Many Thanks, Billy
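The first approach Billy describes, a per-request nonce that the templates write into every inline `<script>`/`<style>` tag, needs three pieces on the Django side: something that mints the nonce and emits the `Content-Security-Policy` header, a context processor that exposes it as `{{ csp_nonce }}`, and a way to find the inline code that still lacks it. The block below is an added example written for this thread, not code from django-grappelli, from Django, or from the issue author. It follows Django's plain middleware and context-processor calling conventions but is duck-typed (no `import django`) so it runs stand-alone; the names `CspNonceMiddleware`, `csp_nonce`, `find_unnonced_inline` and the sample HTML are this example's own choices, and the HTML is a constructed stand-in for a rendered admin page, not Grappelli markup. The django-csp package provides equivalent nonce plumbing if you would rather not carry your own.

```python
"""Per-request CSP nonce plumbing for a Django project, plus an audit that
lists the inline code a nonce-only policy would block.

Added example, not django-grappelli's own code. Middleware and context
processor follow Django's calling conventions but are duck-typed so this
file runs without Django installed.
"""
import secrets
from html.parser import HTMLParser

NONCE_ATTR = "csp_nonce"  # attribute the middleware sets on the request object


def generate_nonce(nbytes: int = 16) -> str:
    """128 bits from the OS CSPRNG, base64url-encoded. Must be fresh per response;
    a reused or guessable nonce is equivalent to 'unsafe-inline'."""
    return secrets.token_urlsafe(nbytes)


def build_csp_header(nonce: str) -> str:
    """Allow same-origin files and only nonce-carrying inline script/style.
    'unsafe-inline' is deliberately absent: once a nonce is listed, browsers
    ignore 'unsafe-inline' for that directive anyway."""
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        f"style-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'self'"
    )


class CspNonceMiddleware:
    """Django-style middleware: stash a nonce on the request, add the header to the response."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        nonce = generate_nonce()
        setattr(request, NONCE_ATTR, nonce)
        response = self.get_response(request)
        # HttpResponse supports item assignment for headers; the fake below does too.
        response["Content-Security-Policy"] = build_csp_header(nonce)
        return response


def csp_nonce(request):
    """Context processor so templates can write nonce="{{ csp_nonce }}"."""
    return {"csp_nonce": getattr(request, NONCE_ATTR, "")}


class _InlineCodeAuditor(HTMLParser):
    """Records every construct the policy above would block, as (kind, line)."""

    def __init__(self, nonce: str):
        super().__init__()
        self.nonce = nonce
        self.violations = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        line = self.getpos()[0]
        if "style" in attrs:
            # style="" attributes cannot carry a nonce; only 'unsafe-inline'
            # or 'unsafe-hashes' would permit them, so they must move to a stylesheet
            self.violations.append(("style-attr", line))
        if any(name.startswith("on") for name in attrs):
            self.violations.append(("event-handler", line))  # onclick= etc. are inline script
        if tag == "script" and not attrs.get("src") and attrs.get("nonce") != self.nonce:
            self.violations.append(("script", line))
        if tag == "style" and attrs.get("nonce") != self.nonce:
            self.violations.append(("style", line))


def find_unnonced_inline(html: str, nonce: str):
    """Return (kind, line_number) for each inline script/style the policy would block.
    Scripts with a src= attribute are governed by 'self', not the nonce, and are skipped."""
    auditor = _InlineCodeAuditor(nonce)
    auditor.feed(html)
    auditor.close()
    return auditor.violations


class _FakeRequest:  # stand-in for HttpRequest in the stand-alone demo
    pass


class _FakeResponse(dict):  # HttpResponse-like: supports response["Header"] = value
    pass


def demo_middleware():
    """Run the middleware over fake objects; returns (nonce, header) for inspection."""
    middleware = CspNonceMiddleware(lambda request: _FakeResponse())
    request = _FakeRequest()
    response = middleware(request)
    return getattr(request, NONCE_ATTR), response["Content-Security-Policy"]


# Constructed sample page: a mix of compliant and non-compliant inline code.
SAMPLE_NONCE = "d2VsbC1rbm93bg"
SAMPLE_HTML = f"""<html><head>
<script src="/static/grappelli/js/grappelli.js"></script>
<style>body {{ margin: 0 }}</style>
<script nonce="{SAMPLE_NONCE}">window.__csp_ok = true;</script>
</head><body>
<div style="display:none" onclick="toggle()">x</div>
<script>document.title = 'admin';</script>
</body></html>"""

if __name__ == "__main__":
    for kind, line in find_unnonced_inline(SAMPLE_HTML, SAMPLE_NONCE):
        print(f"line {line}: {kind} blocked by nonce-only CSP")
```

Running the audit over the constructed page reports the un-nonced `<style>` on line 3, the `style=` attribute and `onclick=` on line 6, and the bare `<script>` on line 7; the nonced script on line 4 and the external file on line 2 pass. Pointing `find_unnonced_inline` at real rendered admin pages, with the nonce read from the response header, gives the list of templates that would need the `nonce="{{ csp_nonce }}"` edit after each Grappelli upgrade.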

sehmaschine commented 1 year ago

see also #684

And to answer your question: We are currently not working on this issue, but I do see your point and the need to fix this. If we find the time, we'll look into this.