Help with Django csp

Coolmike890 · May 2, 2024, 7:46pm

I’m trying to work my way through implementing csp. Could someone explain to me why I get this:

The page’s settings would block an inline style (style-src-elem) from being applied because it violates the following directive: “style-src *”

When I use this directive:
CSP_STYLE_SRC = (‘*’)

?
I thought this would let anything through, but apparently it does not. I don’t know how I can begin to filter things when I can’t even get a wildcard to work. Do I not understand how it works, or am I getting syntax wrong?

Thanks

KenWhitesell · May 2, 2024, 9:52pm

If you’re talking about this package - django-csp — Django-CSP 3.8 documentation, then yes, it’s a syntax thing.

From the docs:

CSP_STYLE_SRC
Set the style-src directive. A tuple or list. None

What you’re setting this to is a string, not a tuple or list.

(See the blue note box in the section Configuring django-csp — Django-CSP 3.8 documentation)

(And, if necessary, see the docs on tuples)

Coolmike890 · May 3, 2024, 2:47pm

That’s very helpful.

Thank you!

Topic		Replies	Views
Django-csp and css inline Templates & Frontend	1	26	January 26, 2025
Issue with static files Templates & Frontend	7	2100	April 29, 2023
Question about CSP and XSS Getting Started	4	502	December 5, 2023
Some CSS Styles Not Loading, Others Fine Templates & Frontend	8	10318	April 2, 2024
MIME type error with css file and load static showing in plain text - Django on PyCharm IDE Templates & Frontend	51	1682	March 14, 2024

Help with Django csp

Related topics