New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Usage when also using django-csp #946
Comments
There are a couple issues here:
The way out of this is to modify the template compressor uses ( Ideally, someone (you? :) would make a patch against compressor that does this automatically if a |
@diox Thanks for the info. This is actually my first brush with compressor. I'll look into making a PR for this as having it upstream would certainly be better for me as well. Let me look at this and I'll put something up. Thanks for the lead. |
I've opened a PR here #947 with the rudiments of the idea. |
- [ ] Add template changes - [ ] Add branches for non-csp users Fixes django-compressor#946
- [ ] Add template changes - [ ] Add branches for non-csp users Fixes django-compressor#946
Seems to me this would be better handled in django-csp. I think we'd just have to modify https://github.com/mozilla/django-csp/blob/main/csp/utils.py#L158 to check for src attribute and if one exists, pull it up to the nonced script (and raise an error if there was also content). (as long as that plays well with offline compression, but I don't see why it wouldn't). |
Hey all,
I've got a bunch of js files in html tempaltes which I'm compressing as
And this works well. However I'm trying to add nonce-ing as
The string
{{request.csp_nonce}}
seems to get picked up as a jinja variable and I'm getting aOfflineGenerationError: You have offline compression enabled but key "some hash" is missing from offline manifest.
I've tried addingto my settings file, but no dice. I've also checked the manifest file and indeed the hash is missing. I'm not sure where it's coming from. Has anyone worked with this combination? Am I missing something obvious?
The text was updated successfully, but these errors were encountered: