Opened 8 years ago
Last modified 8 months ago
#25706 assigned Cleanup/optimization
Support CSP default-src 'self' on Django Admin GIS
Reported by: | Thomas Grainger | Owned by: | Claude Paroz |
---|---|---|---|
Component: | GIS | Version: | dev |
Severity: | Normal | Keywords: | CSP inline javascript |
Cc: | Triage Stage: | Accepted | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Currently there's work (https://github.com/django/django/pull/5567) to comply with Content-Security-Policy: default-src 'self' on the base admin.
It's going to require further re-factoring to apply the same to django GIS
This change will also require the addition of Selenium tests for the Django Admin GIS UI
See also #15727
Change History (10)
comment:1 Changed 8 years ago by
Description: | modified (diff) |
---|---|
Keywords: | CSP inline javascript added |
comment:2 Changed 8 years ago by
Description: | modified (diff) |
---|
comment:3 Changed 8 years ago by
Description: | modified (diff) |
---|
comment:4 Changed 8 years ago by
Component: | Uncategorized → GIS |
---|---|
Triage Stage: | Unreviewed → Accepted |
Type: | Uncategorized → Cleanup/optimization |
Version: | 1.8 → master |
comment:5 Changed 7 years ago by
comment:7 Changed 22 months ago by
Owner: | changed from nobody to Claude Paroz |
---|---|
Status: | new → assigned |
comment:10 Changed 8 months ago by
Absolutely, the challenge here is to remove any JS code from contrib/gis/templates/gis/openlayers.html
(and openlayers-osm.html
), which is currently defining the base map layer and instanciating the MapWidget (with that layer in initializer options).
Any suggestion on how to proceed without losing customization capabilities is warmly welcome!
This PR does the job for the GIS forms/widgets. I may need help for JS correctness...