Opened 8 years ago
Last modified 8 months ago
#25706 assigned Cleanup/optimization
Support CSP default-src 'self' on Django Admin GIS
| Reported by: | Thomas Grainger | Owned by: | Claude Paroz |
|---|---|---|---|
| Component: | GIS | Version: | dev |
| Severity: | Normal | Keywords: | CSP inline javascript |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Currently there's work (https://github.com/django/django/pull/5567) to comply with Content-Security-Policy: default-src 'self' on the base admin.
It's going to require further re-factoring to apply the same to django GIS
This change will also require the addition of Selenium tests for the Django Admin GIS UI
See also #15727
Change History (10)
comment:1 Changed 8 years ago by
| Description: | modified (diff) |
|---|---|
| Keywords: | CSP inline javascript added |
comment:2 Changed 8 years ago by
| Description: | modified (diff) |
|---|
comment:3 Changed 8 years ago by
| Description: | modified (diff) |
|---|
comment:4 Changed 8 years ago by
| Component: | Uncategorized → GIS |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
| Type: | Uncategorized → Cleanup/optimization |
| Version: | 1.8 → master |
comment:5 Changed 7 years ago by
comment:7 Changed 22 months ago by
| Owner: | changed from nobody to Claude Paroz |
|---|---|
| Status: | new → assigned |
comment:10 Changed 8 months ago by
Absolutely, the challenge here is to remove any JS code from contrib/gis/templates/gis/openlayers.html (and openlayers-osm.html), which is currently defining the base map layer and instanciating the MapWidget (with that layer in initializer options).
Any suggestion on how to proceed without losing customization capabilities is warmly welcome!
Note: See
TracTickets for help on using
tickets.
This PR does the job for the GIS forms/widgets. I may need help for JS correctness...