#36784: Add CSP support to Django's script object and media objects
--------------------------------+------------------------------------
Reporter: Johannes Maron | Owner: (none)
Type: New feature | Status: new
Component: Forms | Version: 6.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+------------------------------------
Changes (by Natalia Bidart):
* cc: Tobias Kunze, David Smith (added)
* stage: Unreviewed => Accepted
Comment:
I've been thinking about this and I see a couple of options:
* A decent workaround would be to define a template filter that would take
the nonce and include it in the tag. We could perhaps write a how-to to
backport and include in 6.0.
* For `main`, I agree that we should ideally have something more "first
class citizen" in the objects. I'm adding a few folks as cc to see what
they think.
Given the above, I'll accept pending a design discussion for the "new
feature" part for 6.1. In any case, Johannes it would be super helpful if
you could attach a minimal sample project showing the use cases.
--
Ticket URL: <https://code.djangoproject.com/ticket/36784#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019b05dce1b3-fca3103b-6b71-423c-a57c-38345adc8f06-000000%40eu-central-1.amazonses.com.
