Merge pull request #28 from mikebryant/add-csp

Add Content Security Policy support
ocadotechnology · Jul 26, 2016 · a6afe10 · a6afe10
2 parents 4ec83a5 + 4040987
commit a6afe10
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 25 deletions.
diff --git a/nuit/autoconfig.py b/nuit/autoconfig.py
@@ -3,6 +3,17 @@
 
 
 SETTINGS = {
+    # For use with django-csp
+    'CSP_STYLE_SRC': (
+        "'self'",
+        # modernizr.js
+        "'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw='",
+        "'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE='",
+        "'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0='",
+        "'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk='",
+        # jquery.js
+        "'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='",
+    ),
     'TEMPLATE_CONTEXT_PROCESSORS': [
         'django.core.context_processors.request',
         'nuit.context_processors.nuit',

diff --git a/nuit/static/nuit/css/no-toggle-topbar.css b/nuit/static/nuit/css/no-toggle-topbar.css
@@ -0,0 +1,3 @@
+.toggle-topbar {
+    display: none;
+}
diff --git a/nuit/static/nuit/js/login.js b/nuit/static/nuit/js/login.js
@@ -0,0 +1,6 @@
+$(document).ready(function() {
+    $('#login-button').click(function() {
+        $(this).addClass('hide');
+        $('#login-loader').removeClass('hide');
+    });
+});
diff --git a/nuit/templates/nuit/bases/_error_page.html b/nuit/templates/nuit/bases/_error_page.html
@@ -5,13 +5,9 @@
 
 {% block css %}
 
-<style type='text/css'>
+    {{ block.super }}
 
-    .toggle-topbar {
-        display: none;
-    }
-
-</style>
+    <link rel='stylesheet' type='text/css' href='{% static 'nuit/css/no-toggle-topbar.css' %}' />
 
 {% endblock css %}
 

diff --git a/nuit/templates/nuit/generic/login.html b/nuit/templates/nuit/generic/login.html
@@ -5,13 +5,9 @@
 
 {% block css %}
 
-<style type='text/css'>
+    {{ block.super }}
 
-    .login-loader, .toggle-topbar {
-        display: none;
-    }
-
-</style>
+    <link rel='stylesheet' type='text/css' href='{% static 'nuit/css/no-toggle-topbar.css' %}' />
 
 {% endblock css %}
 
@@ -44,8 +40,8 @@ <h1>{{NUIT_GLOBAL_TITLE|default:'Nuit'}}</h1>
             <input type='password' id='password' name='password' placeholder='Password'>
 
             <div class='submit'>
-                <div class='login-loader'>{% include 'nuit/includes/loader.html' with size=48 %}</div>
-                <button class='button expand'>Login</button>
+                <div class='hide' id='login-loader'>{% include 'nuit/includes/loader.html' with size=48 %}</div>
+                <button class='button expand' id='login-button'>Login</button>
             </div>
 
             <input type='hidden' name='next' value='{{next}}' />
@@ -60,15 +56,8 @@ <h1>{{NUIT_GLOBAL_TITLE|default:'Nuit'}}</h1>
 
 {% block scripts %}
 
-<script type='text/javascript'>
-
-    $(document).ready(function() {
-        $('button').click(function() {
-            $(this).hide();
-            $('.login-loader').show();
-        });
-    });
+    {{ block.super }}
 
-</script>
+    <script type='text/javascript' src='{% static 'nuit/js/login.js' %}'></script>
 
 {% endblock scripts %}
diff --git a/nuit/templatetags/nuit.py b/nuit/templatetags/nuit.py
@@ -43,7 +43,7 @@ def set_active_menu(active_menu):
     Inserts a span with a class of .nuit-active-menu that is picked up by Javascript
     to highlight the correct menu item.
     '''
-    return format_html("<span style='display: none' class='nuit-active-menu'>{}</span>", active_menu)
+    return format_html("<span class='hide nuit-active-menu'>{}</span>", active_menu)
 
 
 class ExtendNode(ExtendsNode):

diff --git a/nuit/tests/test_main.py b/nuit/tests/test_main.py
@@ -186,7 +186,7 @@ def test_set_active_menu(self):
         output = soup(set_active_menu('bob')).find('span')
         self.assertEqual('bob', output.text)
         self.assertTrue('nuit-active-menu' in output.attrs['class'])
-        self.assertTrue('display: none' in output.attrs['style'])
+        self.assertTrue('hide' in output.attrs['class'])
 
     def test_menu_item(self):