Inline JavaScript Breaks with Strict CSP #21

@rynBenAmor

Hi,

I’m using your admin theme and recently implemented a strict Content Security Policy that blocks inline JavaScript and such as a standard security measure. I noticed some issues, for example the logout button (the filter offcanvas too) uses:

<button onclick="$('#logout-form').submit()">Logout</button>

This doesn’t work with strict CSP. A simple fix is to use a form-based logout button instead, like this:

<form action="{% url 'logout' %}" method="POST">
    {% csrf_token %}
    <button type="submit">Logout</button>
</form>

Just wanted to share this in case it helps improve the theme. Thanks for your great work as always!
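For auditing a theme's templates for the pattern reported above, here is an added example (not part of the original post and not the theme's own code). It flags markup that a policy without `'unsafe-inline'` blocks: event-handler attributes, `javascript:` URLs and inline `<script>` elements without a nonce. The sample template is constructed and `csp_nonce` is a hypothetical variable name.

```python
from html.parser import HTMLParser

# Constructed sample: the inline handler from the issue, the form-based fix,
# and other inline patterns. "csp_nonce" is a hypothetical template variable.
SAMPLE = """\
<button onclick="$('#logout-form').submit()">Logout</button>
<form action="{% url 'logout' %}" method="POST">
    {% csrf_token %}
    <button type="submit">Logout</button>
</form>
<a href="javascript:void(0)">Filter</a>
<script>console.log("inline")</script>
<script src="/static/js/admin.js"></script>
<script nonce="{{ csp_nonce }}">init()</script>
"""

URL_ATTRS = {"href", "src", "action", "formaction"}


class InlineJsAudit(HTMLParser):
    """Collects (line, tag, reason) for markup a CSP without 'unsafe-inline' blocks."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        names = {name for name, _ in attrs}
        for name, value in attrs:
            if name.startswith("on") and len(name) > 2:
                self.findings.append((line, tag, f"inline handler {name}"))
            elif name in URL_ATTRS and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append((line, tag, f"javascript: URL in {name}"))
        # Heuristic: inline scripts allowed by hash would also be reported here.
        if tag == "script" and not names & {"src", "nonce"}:
            self.findings.append((line, tag, "inline script without nonce"))


def audit(template_source):
    parser = InlineJsAudit()
    parser.feed(template_source)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, tag, reason in audit(SAMPLE):
        print(f"line {line}: <{tag}> {reason}")
```

The form-based logout button and the external or nonce-bearing scripts produce no findings, so the report lists only the elements that need to move to external handlers.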
