Comments (3)
Add log from browser's js-console
from django-csp.
The offending script is at the top of the markup
`<script type="text/javascript">var go_from_select = function(opt) { window.location = window.location.pathname + opt };</script>
By Concelho
<li>
<select class="form-control" style="width: 95%;margin-left: 2%;"
onchange="go_from_select(this.options[this.selectedIndex].value)">
<option selected="selected"
value="?">All</option>
<option
value="?concelho=Alcanena">Alcanena</option>
<option
value="?concelho=Entroncamento">Entroncamento</option>
<option
value="?concelho=Goleg%C3%A3">Golegã</option>
<option
value="?concelho=Tomar">Tomar</option>
<option
value="?concelho=Torres+Novas">Torres Novas</option>
</select>
</li>
I am thinking, override the template to insert the nonce. In that case, the remaining question is, which template?
from django-csp.
@silentsokolov looking at it further I think I will exclude admin prefixes and just use the front door :)
from django-csp.
Related Issues (20)
- nonce, request.csp_nonce and {% script %} all fail to render a nonce HOT 8
- Documentation needs to be updated to mention INSTALLED_APPS HOT 4
- Decorators depending on request method types HOT 3
- Modify CSP based on database? HOT 1
- `CSP_INCLUDE_NONCE_IN` not working? HOT 4
- New release? HOT 11
- State of project HOT 9
- Unrecognized Content Security Policy directive 'worker-src' in Safari Browser HOT 2
- Building the wheel doesn't work HOT 4
- Backwards compatible method of adding 'strict-dynamic' as suffix HOT 1
- Don't include nonces in default-src when CSP_INCLUDE_NONCE_IN is unset / an empty list HOT 3
- Allow direct editing of build policy output HOT 1
- Documentation for context processor HOT 5
- Deprecated Features HOT 5
- interested in adding typing (mypy) support? HOT 4
- Support clearing/unsetting directives via decorator HOT 7
- Support different sets of rules for paths like /admin HOT 8
- Move project to pyproject.toml HOT 1
- Create csp.extensions.NoncedStyle extension HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-csp.