Opened 2 years ago

Last modified 15 months ago

#25706 new Cleanup/optimization

Support CSP default-src 'self' on Django Admin GIS

Reported by: Thomas Grainger Owned by: nobody
Component: GIS Version: master
Severity: Normal Keywords: CSP inline javascript
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Thomas Grainger)

Currently there's work (https://github.com/django/django/pull/5567) to comply with Content-Security-Policy: default-src 'self' on the base admin.

It's going to require further re-factoring to apply the same to django GIS

This change will also require the addition of Selenium tests for the Django Admin GIS UI
See also #15727

Change History (5)

comment:1 Changed 2 years ago by Thomas Grainger

Description: modified (diff)
Keywords: CSP inline javascript added

comment:2 Changed 2 years ago by Thomas Grainger

Description: modified (diff)

comment:3 Changed 2 years ago by Thomas Grainger

Description: modified (diff)

comment:4 Changed 2 years ago by Tim Graham

Component: UncategorizedGIS
Triage Stage: UnreviewedAccepted
Type: UncategorizedCleanup/optimization
Version: 1.8master

comment:5 Changed 15 months ago by Claude Paroz

This PR does the job for the GIS forms/widgets. I may need help for JS correctness...

Note: See TracTickets for help on using tickets.
Back to Top