Content Security Policy (CSP Support)

[Billy Felton]

Hi All,

We are using Grappelli in our application and are currently updating our Content Security Policy header.

When using the the Django CMS with Grapelli it flags up many instances where inline Javascript and inline CSS is being used which violates our CSP policy.

I had one approach of updating all the templates to support a "nonce-..." value, as well us restructuring the CSS and scripts to be in their own files but this would take a lot of work and would be difficult to maintain when a new version of Grappelli is released.

Has anyone else encountered this issue? or does anyone know if this is a issue currently being worked on?

Many Thanks,

Billy