1
Fork 0

Add SRI for static assets

Will extract out into a library someday
This commit is contained in:
Jake Howard 2020-05-02 13:48:44 +01:00
parent 15c25e5cdb
commit 2d7dea438f
Signed by: jake
GPG key ID: 57AFB45680EDD477
3 changed files with 59 additions and 4 deletions

View file

@ -1,4 +1,5 @@
{% load static %} {% load static %}
{% load sri %}
<!DOCTYPE HTML> <!DOCTYPE HTML>
<html lang="en" dir="ltr"> <html lang="en" dir="ltr">
@ -13,8 +14,10 @@
<link rel="icon" type="image/png" href='{% static "img/logo-transparent.png" %}'/> <link rel="icon" type="image/png" href='{% static "img/logo-transparent.png" %}'/>
<title>{% block title %}{% endblock %} :: TheOrangeOne</title> <title>{% block title %}{% endblock %} :: TheOrangeOne</title>
<link rel="stylesheet" href="{% static 'css/font-awesome.min.css' %}" />
<link rel="stylesheet" href="{% static 'css/index.css' %}" /> {% sri_css "css/font-awesome.min.css" %}
{% sri_css "css/index.css" %}
</head> </head>
<body class="{{ view_name }}"> <body class="{{ view_name }}">
<header id="top"> <header id="top">
@ -47,8 +50,9 @@
</footer> </footer>
{% endblock %} {% endblock %}
<script type="text/javascript" src="{% static 'js/materialize.min.js' %}"></script>
<script type="text/javascript" src="{% static 'js/index.js' %}"></script> {% sri_js "js/materialize.min.js" %}
{% sri_js "js/index.js" %}
{% block extrascripts %}{% endblock %} {% block extrascripts %}{% endblock %}
</body> </body>

View file

View file

@ -0,0 +1,51 @@
# Based off https://github.com/claudep/django/commit/89aa4c04dbffcbafc05c3e2053b2262be8de4d3d
import base64
import hashlib
import os
from functools import lru_cache
from django import template
from django.conf import settings
from django.templatetags.static import static
from django.utils.safestring import mark_safe
register = template.Library()
@lru_cache
def generate_sha256(path):
with open(path, "r") as f:
body = f.read()
digest = hashlib.sha256(body.encode()).digest()
sha = base64.b64encode(digest).decode()
return "sha256-{}".format(sha)
def attrs_to_str(attrs):
return " ".join('{}="{}"'.format(k, v) for k, v in attrs.items())
@register.simple_tag
def sri_js(url):
path = os.path.join(settings.STATIC_ROOT, url)
attrs = {
"href": static(url),
"type": "text/javascript",
"integrity": generate_sha256(path),
"crossorigin": "anonymous",
}
return mark_safe(f"<script {attrs_to_str(attrs)}></script>")
@register.simple_tag
def sri_css(url):
path = os.path.join(settings.STATIC_ROOT, url)
attrs = {
"href": static(url),
"type": "text/css",
"rel": "stylesheet",
"integrity": generate_sha256(path),
"crossorigin": "anonymous",
}
return mark_safe(f"<link {attrs_to_str(attrs)}/>")