From 5c4bbde0bf9832451c7f72d8ab5becba9c683577 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-S=C3=A9bastien=20Caux?= <git@jscaux.org>
Date: Sun, 17 Oct 2021 20:12:53 +0200
Subject: [PATCH] Allow htmx cdn in csp

---
 scipost_django/SciPost_v1/settings/base.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scipost_django/SciPost_v1/settings/base.py b/scipost_django/SciPost_v1/settings/base.py
index 56e3b3571..f9a0c84dd 100644
--- a/scipost_django/SciPost_v1/settings/base.py
+++ b/scipost_django/SciPost_v1/settings/base.py
@@ -244,7 +244,9 @@ CSP_SCRIPT_SRC = ("'self'", 'scipost.org', "'report-sample'",
                   'www.recaptcha.net', 'www.gstatic.com', 'www.gstatic.cn',
                   'code.jquery.com',
                   'static.mendeley.com',
-                  'cdn.plot.ly')
+                  'cdn.plot.ly',
+                  'unpkg.com/htmx.org@1.6.0'
+                  )
 CSP_STYLE_SRC = ("'self'", 'scipost.org', "'report-sample'",
                  'crossmark-cdn.crossref.org',
                  "'unsafe-inline'", 'ajax.googleapis.com', 'code.jquery.com',
-- 
GitLab