#36549: OpenLayersWidget needs special rules when CSP is enabled
-------------------------------------+-------------------------------------
     Reporter:  Natalia Bidart       |                     Type:  Bug
       Status:  new                  |                Component:  GIS
      Version:  dev                  |                 Severity:  Release
                                     |  blocker
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
 When using an `OpenLayersWidget` (for example via the `GISModelAdmin`),
 which declares custom JavaScript and CSS resources, and if the CSP
 middleware is enabled with a commonly secure rule, the JS and CSS
 resources are blocked. Full description can be seen here
 https://forum.djangoproject.com/t/csp-and-geodjango/41879.

 We need to, at least, mention this in the GeoDjango docs, likely in the
 https://docs.djangoproject.com/en/5.2/ref/contrib/gis/forms-api/ section,
 extending the existing paragraph:

 > OpenLayersWidget and OSMWidget use the ol.js file hosted on the
 > cdn.jsdelivr.net content-delivery network. You can subclass these widgets
 > in order to specify your own version of the ol.js file in the js property
 > of the inner Media class (see Assets as a static definition).

 This is a release blocker for 6.0. If we are only doing the docs change,
 it has to land before release candidate (i.e. before string freeze).
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36549>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
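
Added example (not part of the ticket and not Django's code): a simplified CSP source-list check showing why a `'self'`-only policy blocks the widget's `cdn.jsdelivr.net` script, while an explicit CDN source or a self-hosted `ol.js` loads. The origin, asset paths and policies are constructed sample values, and port and path matching are left out.

```python
from urllib.parse import urlsplit

# Directive lookup order for the two asset types the widget loads.
FALLBACK = {"script-src": ("script-src", "default-src"),
            "style-src": ("style-src", "default-src")}

def parse_policy(header):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # first one wins
    return policy

def scheme_ok(allowed, actual):
    # CSP lets an http source also match the upgraded https URL.
    return allowed == actual or (allowed == "http" and actual == "https")

def source_matches(source, url, page_origin):
    """Simplified CSP3 source matching: ports and paths are ignored."""
    target, origin, src = urlsplit(url), urlsplit(page_origin), source.lower()
    if src == "'self'":
        return (target.scheme, target.netloc) == (origin.scheme, origin.netloc)
    if src.startswith("'"):  # 'none', nonces, hashes, 'unsafe-inline'
        return False
    if src == "*":
        return target.scheme in ("http", "https")
    if src.endswith(":"):  # scheme-source such as https:
        return scheme_ok(src[:-1], target.scheme)
    scheme, _, host = src.rpartition("://")  # host-source
    host = host.split("/")[0].split(":")[0]
    if not scheme_ok(scheme or origin.scheme, target.scheme):
        return False
    if host.startswith("*."):
        return target.hostname.endswith(host[1:])
    return target.hostname == host

def is_allowed(header, directive, url, page_origin):
    policy = parse_policy(header)
    for name in FALLBACK[directive]:
        if name in policy:  # the most specific directive present decides
            return any(source_matches(s, url, page_origin) for s in policy[name])
    return True  # no governing directive, so the load is unrestricted

# Constructed sample values (not taken from the ticket).
ORIGIN = "https://example.com"
CDN_JS = "https://cdn.jsdelivr.net/path/to/ol.js"
SELF_JS = "https://example.com/static/ol.js"
STRICT = "default-src 'self'"
WITH_CDN = "default-src 'self'; script-src 'self' https://cdn.jsdelivr.net"
```

With `WITH_CDN`, a stylesheet on the CDN is still refused because `style-src` falls back to `default-src 'self'`; scripts and styles each need their own allowance.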
