CSP issues with file field #30
Comments
|
P.S: I'll work on fixing the test if we go in the direction of removing the script tag |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi all
The CSP compatibility have already been investigated for bootstrap 5, and I was wondering if we could also do it for bootstrap 4, I stumbled upon this compatibility issue some weeks ago.
Following bootstrap doc by using bs-custom-file-input plugin I was able to remove the script tag (cf #29) and thus make the file field compatible with CSP. My question is whether we should or not remove the script tag as it is a breaking change, all current setup of crispy with custome-file-input and without the plugin will not work visually not work anymore. In a setup with bootstrap 4.3, even with the plugin, the file chosen was not rendered, I had to update to 4.6. Would mentioning in the doc that we have to use boostrap 4.6 and bs-custom-file-input or an equivalent is enough ?
P.S: by csp compatible, I mean without using
unsafe-inlineThe text was updated successfully, but these errors were encountered: