Externalize more resources, implement Content-Security-Policy headers

2026-05-04 15:04:03 +00:00 · 2016-04-10 17:30:24 +02:00
parent 5cca426cd3
commit 02fb27fa5d
19 changed files with 494 additions and 297 deletions
--- a/src/pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js
+++ b/src/pretix/plugins/statistics/static/pretixplugins/statistics/statistics.js
@@ -1,11 +1,12 @@
-/*globals $, Morris*/
+/*globals $, Morris, gettext*/
 $(function () {
+    $(".chart").css("height", "250px");
    new Morris.Area({
        element: 'obd_chart',
        data: JSON.parse($("#obd-data").html()),
        xkey: 'date',
        ykeys: ['ordered', 'paid'],
-        labels: ['{% trans "Placed orders" %}', '{% trans "Paid orders" %}'],
+        labels: [gettext('Placed orders'), gettext('Paid orders')],
        lineColors: ['#000099', '#009900'],
        smooth: false,
        resize: true,
@@ -17,18 +18,18 @@ $(function () {
        data: JSON.parse($("#rev-data").html()),
        xkey: 'date',
        ykeys: ['revenue'],
-        labels: ['{% trans "Total revenue" %}'],
+        labels: [gettext('Total revenue')],
        smooth: false,
        resize: true,
        fillOpacity: 0.3,
-        preUnits: '{{ request.event.currency }} '
+        preUnits: $.trim($("#currency").html()) + ' '
    });
    new Morris.Bar({
        element: 'obp_chart',
-        data: JSON.parse($("#odp-data").html()),
+        data: JSON.parse($("#obp-data").html()),
        xkey: 'item',
        ykeys: ['ordered', 'paid'],
-        labels: ['{% trans "Placed orders" %}', '{% trans "Paid orders" %}'],
+        labels: [gettext('Placed orders'), gettext('Paid orders')],
        barColors: ['#000099', '#009900'],
        resize: true
    });
--- a/src/pretix/plugins/statistics/templates/pretixplugins/statistics/index.html
+++ b/src/pretix/plugins/statistics/templates/pretixplugins/statistics/index.html
@@ -10,7 +10,7 @@
            <h3 class="panel-title">{% trans "Orders by day" %}</h3>
        </div>
        <div class="panel-body">
-            <div id="obd_chart" style="height: 250px;"></div>
+            <div id="obd_chart" class="chart"></div>
        </div>
    </div>
    <div class="panel panel-default">
@@ -18,7 +18,7 @@
            <h3 class="panel-title">{% trans "Revenue over time" %}</h3>
        </div>
        <div class="panel-body">
-            <div id="rev_chart" style="height: 250px;"></div>
+            <div id="rev_chart" class="chart"></div>
        </div>
    </div>
    <div class="panel panel-default">
@@ -26,12 +26,13 @@
            <h3 class="panel-title">{% trans "Orders by product" %}</h3>
        </div>
        <div class="panel-body">
-            <div id="obp_chart" style="height: 250px;"></div>
+            <div id="obp_chart" class="chart"></div>
        </div>
    </div>
    <script type="application/json" id="obd-data">{{ obd_data|safe }}</script>
    <script type="application/json" id="rev-data">{{ rev_data|safe }}</script>
    <script type="application/json" id="obp-data">{{ obp_data|safe }}</script>
+    <script type="application/text" id="currency">{{ request.event.currency }}</script>
    <script type="application/javascript" src="{% static "pretixplugins/statistics/statistics.js" %}"></script>
 {% endblock %}

--- a/src/pretix/plugins/statistics/views.py
+++ b/src/pretix/plugins/statistics/views.py
@@ -15,6 +15,12 @@ class IndexView(EventPermissionRequiredMixin, TemplateView):
    template_name = 'pretixplugins/statistics/index.html'
    permission = 'can_view_orders'

+    def get(self, request, *args, **kwargs):
+        resp = super().get(request, *args, **kwargs)
+        # required by raphael.js
+        resp['Content-Security-Policy'] = "script-src {static} 'unsafe-eval'; style-src {static} 'unsafe-inline'"
+        return resp
+
    def get_context_data(self, **kwargs):
        ctx = super().get_context_data(**kwargs)

@@ -75,13 +81,13 @@ class IndexView(EventPermissionRequiredMixin, TemplateView):
                i.id: str(i.name)
                for i in Item.objects.filter(event=self.request.event)
            }
-            ctx['obp_data'] = [
+            ctx['obp_data'] = json.dumps([
                {
                    'item': item_names[item],
                    'ordered': cnt,
                    'paid': num_paid.get(item, 0)
                } for item, cnt in num_ordered.items()
-            ]
+            ])
            cache.set('statistics_obp_data', ctx['obp_data'])

        ctx['rev_data'] = cache.get('statistics_rev_data')