Django-csp and css inline

Hi,
I have a django-csp configuration problem linked to my use of inline css in a template.

In my template I have:

```
<div class="bg-green-800" style="width:{{ resultats_votes|get:candidat.id|get:'Excellent'|get:'percentage' }}%"  nonce={{request.csp_nonce}}> </div>
```

The aim is to generate results bars dynamically.

`{{request.csp_nonce}}` doesn’t do anything. With a `print` in `views.py` I get the value, and the same applies if I put `{{request.csp_nonce}}` outside the `<div>` arguments.

`{{ resultats_votes|get:candidat.id|get:'Excellent'|get:'percentage' }}` doesn’t display anything when django-csp is activated either. The bars remain empty.

Using dedicated CSS classes seems complicated because the size of each piece of the bar can be any value from 1 to 100.

The only thing that doesn’t cause an error is to use `unsafe-inline` in `settings.py` for `CSP_STYLE_SRC_ATTR`.

I’ve tried a decorator on my view but I must have the wrong syntax - it has no effect.

`@csp_update(CSP_STYLE_SRC_ATTR=["'self'", 'https://*.umami.is', 'unsafe-inline'])` or `@csp_update({'style-src-attr': 'unsafe-inline'})`

Would you have an idea to help me solve this problem and avoid using unsafe-inline?

Thanks
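
One way to keep the bars dynamic without any `style` attribute, as an added example that is not part of the original post: generate one width class per integer percentage into a static stylesheet and emit the class name from the template. The names `bar_width_class`, `build_bar_css` and the `bar-w-` prefix are hypothetical, and the example assumes the policy's `style-src` already allows stylesheets from `'self'` and that integer precision is enough for the bars.

```python
# Added example, not code from the thread. All names here are hypothetical.
# The width comes from a class in an external stylesheet, so the page needs
# no inline style attribute and style-src-attr needs no extra source.

PREFIX = "bar-w-"


def bar_width_class(percentage) -> str:
    """Map a percentage (int, float or numeric string) to bar-w-0 .. bar-w-100."""
    try:
        pct = round(float(percentage))
    except (TypeError, ValueError, OverflowError):
        # None, empty string, text, NaN or infinity: render an empty bar
        pct = 0
    # Clamp so an out-of-range value can never produce an undefined class
    return f"{PREFIX}{max(0, min(100, pct))}"


def build_bar_css() -> str:
    """Return the 101 rules to save once in a static .css file served from 'self'."""
    rules = (f".{PREFIX}{n} {{ width: {n}%; }}" for n in range(101))
    return "\n".join(rules) + "\n"


if __name__ == "__main__":
    # Redirect this output into the project's static stylesheet
    print(build_bar_css(), end="")
```

Registered as a template filter, `bar_width_class` would supply a class name on the `<div>` in place of the `style` attribute.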

Welcome @tangilab !

Side note: When posting code or html here, single lines of code should be enclosed between single backtick - ` characters. This means you’ll need a single backtick at the beginning and end of the code (or html) - Example: `<span> this is some text </span>`. If you don’t do this, the text appears like this: this is some text. (Notice how the html tags have been filtered out.)
If you want to mark a block of code (multiple lines), use three backticks - ``` on the lines before and after the code block. (The lines of ``` must be lines by themselves, and not part of a line.)

I have taken the liberty of modifying your post for you, please remember to do this in the future.
