You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Django Debug Toolbar is blocked by CSP if we are using strict-dynamic.
Django already support it from the box if we can include nonce="{{request.csp_nonce}}" in the template
The text was updated successfully, but these errors were encountered:
Django already support it from the box if we can include nonce="{{request.csp_nonce}}" in the template
Can you elaborate on where in the template this should go? A PR would be welcome too. If not, defining this issue so a newcomer could pick it up would be very helpful to us.
Refused to load the script 'http://localhost:8000/static/debug_toolbar/js/toolbar.js' because it violates the following Content Security Policy directive: "script-src-elem 'strict-dynamic'
To fix this, every script/style added in this library should allow to add a nonce.
@tim-schilling according to this proposal it isn't in django core yet. It's a third party project that seems to be the defacto library for django implementations.
Django Debug Toolbar is blocked by CSP if we are using strict-dynamic.
Django already support it from the box if we can include
nonce="{{request.csp_nonce}}"
in the templateThe text was updated successfully, but these errors were encountered: