[SECURITY] Support custom media URLs in CSP middleware

2017-08-21 12:00:53 +02:00
parent e23a5c24d6
commit 9a9bb92f91
3 changed files with 31 additions and 5 deletions
--- a/src/pretix/presale/templates/pretixpresale/base.html
+++ b/src/pretix/presale/templates/pretixpresale/base.html
@@ -11,7 +11,7 @@
        <link rel="stylesheet" type="text/x-scss" href="{% static "lightbox/css/lightbox.scss" %}" />
    {% endcompress %}
    {% if css_file %}
-        <link rel="stylesheet" type="text/css" href="{{ css_file }}"/>
+        <link rel="stylesheet" type="text/css" href="{{ css_file }}" nonce="{{ request.csp_nonce }}" />
    {% else %}
        {% compress css %}
            <link rel="stylesheet" type="text/x-scss" href="{% static "pretixpresale/scss/main.scss" %}"/>