rdrf #2270 started wrapper

muccg · Dec 2, 2022 · 9dfd6ad · 9dfd6ad
1 parent b529649
commit 9dfd6ad
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 2 deletions.
diff --git a/rdrf/dashboards/wrapper.py b/rdrf/dashboards/wrapper.py
@@ -0,0 +1,14 @@
+from django_plotly_dash import DjangoDash
+
+
+class CSPDjangoDash(DjangoDash):
+    def __init__(self, *args, **kwargs):
+        self.csp = kwargs.pop("csp")
+        super().__init__(self, *args, **kwargs)
+
+    def csp_wrap(self, csp_dict):
+
+        content_security_policy = {
+            "default-src": "'self'",
+            "script-src": ["'self'"] + app.csp_hashes_inline_scripts(),
+        }
diff --git a/rdrf/rdrf/settings.py b/rdrf/rdrf/settings.py
@@ -926,13 +926,30 @@ def get(self, parameter, default_value):
 
 
 # Django CSP settings
-CSP_SCRIPT_SRC = ["'self'", "'sha256-r8Ei+YwP2DFcnblmk8Dzmb7Kh1iRT/3fv8R9JsfGd/Y='"]
+CSP_SCRIPT_SRC = [
+    "'self'",
+    "'sha256-r8Ei+YwP2DFcnblmk8Dzmb7Kh1iRT/3fv8R9JsfGd/Y='",
+    "'sha256-hrJUUQGqwvUn6vHiNbJvnKMvoNUImDZW4BWYS1+DveE='",
+    "'sha256-zd5y/MAtmfhfwgK8yvn/mFUcFE7BXp6UcAv3jnE5zZw='",
+    "'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg='",
+    "'sha256-hrJUUQGqwvUn6vHiNbJvnKMvoNUImDZW4BWYS1+DveE='",
+    "unpkg.com",
+]
+
+
 CSP_STYLE_SRC = [
     "'self'",
     "'unsafe-hashes'",
     "'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE='",
     "'sha256-ILezS+pYH/m5JXDQav+PE/702qHfcybyTQN3LgCWO8Y='",
     "'sha256-95UDRqT5lxsVhRRfuJa6qGWsZAFhKXqS7cvo1bxVHcE='",
+    "'sha256-79N0PCus1ItTrODBcppilxJWMQWeWolzFPLtXZFXRSg='",
+    "'sha256-emeTF2a3X40J0nFSPvpt1OLLXerDe/PvLorOzUezxdY='",
+    "'sha256-jZlsGVOhUAIcH+4PVs7QuGZkthRMgvT2n0ilH6/zTM0='",
+    "'sha256-79N0PCus1ItTrODBcppilxJWMQWeWolzFPLtXZFXRSg='",
+    "'sha256-emeTF2a3X40J0nFSPvpt1OLLXerDe/PvLorOzUezxdY='",
+    "stackpath.bootstrapcdn.com",
+    "cdn.jsdelivr.net",
 ]
 CSP_IMG_SRC = ["'self'"]
 

diff --git a/rdrf/rdrf/templates/rdrf_cdes/base-dashboard.html b/rdrf/rdrf/templates/rdrf_cdes/base-dashboard.html
@@ -17,7 +17,7 @@
     <title>{% trans "Rare Disease Registry Framework" %}</title>
 
     <meta name="viewport" content="width=device-width, initial-scale=1">
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self' *.bootstrapcdn.com">
+    <!-- <meta http-equiv="Content-Security-Policy" content="default-src 'self' *.bootstrapcdn.com *.stackpath.bootstrapcdn.com *.unpkg.com" > -->
 
     <link rel="stylesheet" href="{% static 'css/vendor/font-awesome.css' %}">
     <link rel="stylesheet" href="{% static 'bootstrap-5.0.0/css/bootstrap.min.css' %}">