You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To work with django-csp it should be modified to check if request.csp_nonce is available and if yes add the nonce so the final output will be: <script type="application/ld+json" nonce="xxx">...</script>
It might also be prudent to allow a more versatile approach where custom nonces can be passed, this way users are not tied to having to use django-csp
Update:
I made wagtail-schema.org compatible with django-csp by making the following changes in a custom templatetag file:
import json
from django import template
from django.utils.html import conditional_escape
from django.utils.safestring import mark_safe
from wagtailschemaorg.encoder import JSONLDEncoder
from wagtailschemaorg.registry import registry
from wagtailschemaorg.templatetags.wagtailschemaorg_tags import *
register = template.Library()
def nl(xs):
return mark_safe('\n'.join(map(conditional_escape, xs)))
def ld_for_site(site, nonce=None):
f = lambda lst: ld_print_entity(lst, nonce)
return nl(map(f, registry.get_entities(site)))
def ld_print_entity(entity, nonce):
json_out = json.dumps(entity, cls=JSONLDEncoder, sort_keys=True)
return mark_safe('<script type="application/ld+json"{}>{}</script>'.format(nonce,json_out))
@register.simple_tag(takes_context=True)
def custom_ld_for_site(context, site=None):
if site is None:
site = Site.find_for_request(context["request"])
nonce = ""
if context.request.csp_nonce:
nonce = f" nonce=\"{context.request.csp_nonce}\""
return ld_for_site(site, nonce)
Include on a Django template:
{% custom_ld_for_site %}
The text was updated successfully, but these errors were encountered:
The wagtail-schema.org app seems to use this template tag to output the script element:
To work with
django-csp
it should be modified to check ifrequest.csp_nonce
is available and if yes add the nonce so the final output will be:<script type="application/ld+json" nonce="xxx">...</script>
It might also be prudent to allow a more versatile approach where custom nonces can be passed, this way users are not tied to having to use
django-csp
Update:
I made wagtail-schema.org compatible with
django-csp
by making the following changes in a custom templatetag file:Include on a Django template:
The text was updated successfully, but these errors were encountered: