[ADD] django-sri to provide integrity hashes for local static files

2025-07-09 04:20:17 +02:00 · 2025-01-02 16:54:37 +01:00 · 2025-01-02 16:54:37 +01:00 · 0f057ffa84
commit 0f057ffa84
parent 7033406ba6
13 changed files with 29 additions and 23 deletions
--- a/allianceauth/project_template/project_name/settings/base.py
+++ b/allianceauth/project_template/project_name/settings/base.py
@ -43,8 +43,10 @@ INSTALLED_APPS = [
    'allianceauth.theme.flatly',
    'allianceauth.theme.materia',
    "allianceauth.custom_css",
+    'sri',
 ]

+SRI_ALGORITHM = "sha512"
 SECRET_KEY = "wow I'm a really bad default secret key"

 # Celery configuration
--- a/allianceauth/templates/bundles/auth-base-css.html
+++ b/allianceauth/templates/bundles/auth-base-css.html
@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}

-<link href="{% static 'allianceauth/css/auth-base.css' %}" rel="stylesheet">
+{% sri_static 'allianceauth/css/auth-base.css' %}
--- a/allianceauth/templates/bundles/auth-framework-css.html
+++ b/allianceauth/templates/bundles/auth-framework-css.html
@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}

-<link href="{% static 'allianceauth/framework/css/auth-framework.css' %}" rel="stylesheet">
+{% sri_static 'allianceauth/framework/css/auth-framework.css' %}
--- a/allianceauth/templates/bundles/bootstrap-css.html
+++ b/allianceauth/templates/bundles/bootstrap-css.html
@ -1,4 +1,6 @@
 {% load static %}
+{% load sri %}
+
 <!-- Bootstrap CSS -->
 {% if NIGHT_MODE %}
    {% if debug %}
@ -6,7 +8,7 @@
        <link rel="stylesheet/less" href="{% static 'allianceauth/css/themes/darkly/darkly.less' %}">
        <script src='https://cdnjs.cloudflare.com/ajax/libs/less.js/4.1.3/less.min.js' integrity='sha512-6gUGqd/zBCrEKbJqPI7iINc61jlOfH5A+SluY15IkNO1o4qP1DEYjQBewTB4l0U4ihXZdupg8Mb77VxqE+37dg==' crossorigin='anonymous' referrerpolicy="no-referrer"></script>
    {% else %}
-        <link rel="stylesheet" href="{% static 'allianceauth/css/themes/darkly/darkly.min.css' %}">
+        {% sri_static 'allianceauth/css/themes/darkly/darkly.min.css' %}
    {% endif %}
 {% else %}
    {% if debug %}
@ -14,7 +16,7 @@
        <link rel="stylesheet/less" href="{% static 'allianceauth/css/themes/flatly/flatly.less' %}">
        <script src='https://cdnjs.cloudflare.com/ajax/libs/less.js/4.1.3/less.min.js' integrity='sha512-6gUGqd/zBCrEKbJqPI7iINc61jlOfH5A+SluY15IkNO1o4qP1DEYjQBewTB4l0U4ihXZdupg8Mb77VxqE+37dg==' crossorigin='anonymous' referrerpolicy="no-referrer"></script>
    {% else %}
-        <link rel="stylesheet" href="{% static 'allianceauth/css/themes/flatly/flatly.min.css' %}">
+        {% sri_static 'allianceauth/css/themes/flatly/flatly.min.css' %}
    {% endif %}
 {% endif %}
 <!-- End Bootstrap CSS -->
--- a/allianceauth/templates/bundles/checkbox-css.html
+++ b/allianceauth/templates/bundles/checkbox-css.html
@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}

-<link href="{% static 'allianceauth/css/checkbox.css' %}" rel="stylesheet">
+{% sri_static 'allianceauth/css/checkbox.css' %}
--- a/allianceauth/templates/bundles/evetime-js.html
+++ b/allianceauth/templates/bundles/evetime-js.html
@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}

-<script src="{% static 'allianceauth/js/eve-time.js' %}"></script>
+{% sri_static 'allianceauth/js/eve-time.js' %}
--- a/allianceauth/templates/bundles/filterdropdown-js.html
+++ b/allianceauth/templates/bundles/filterdropdown-js.html
@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}

-<script src="{% static 'allianceauth/js/filterDropDown/filterDropDown.min.js' %}"></script>
+{% sri_static 'allianceauth/js/filterDropDown/filterDropDown.min.js' %}
--- a/allianceauth/templates/bundles/jquery-ui-css.html
+++ b/allianceauth/templates/bundles/jquery-ui-css.html
@ -1,5 +1,6 @@
-{% load static %}
 <!-- Start jQuery UI CSS from Alliance Auth -->
-<!-- CDNs all contain theme.css, which is not supposed to be in the base CSS, Which is why this is uniquely bundled in not using a CDN -->
-<link rel="stylesheet" href="{% static 'allianceauth/js/jquery-ui/1.13.2/css/jquery-ui.min.css' %}" integrity="VEqAhOZvZrx/WaxlpMoLvZDSLeLNYhkL5LU2R4/ihPJb/+qkGoMrA15SqEGtI+PCLgKwCDiby7tgdvdiAZkJGg==" crossorigin="anonymous" referrerpolicy="no-referrer">
+<!-- CDNs all contain theme.css, which is not supposed to be in the base CSS, which is why this is uniquely bundled in not using a CDN -->
+{% load sri %}
+
+{% sri_static 'allianceauth/js/jquery-ui/1.13.2/css/jquery-ui.min.css' %}
 <!-- End jQuery UI CSS from aa-gdpr -->
--- a/allianceauth/templates/bundles/refresh-notification-icon-js.html
+++ b/allianceauth/templates/bundles/refresh-notification-icon-js.html
@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}

-<script src="{% static 'allianceauth/js/refresh-notification-icon.js' %}"></script>
+{% sri_static 'allianceauth/js/refresh-notification-icon.js' %}
--- a/allianceauth/templates/bundles/refresh-notifications-js.html
+++ b/allianceauth/templates/bundles/refresh-notifications-js.html
@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}

-<script src="{% static 'allianceauth/js/refresh_notifications.js' %}"></script>
+{% sri_static 'allianceauth/js/refresh_notifications.js' %}
--- a/allianceauth/templates/bundles/timerboard-js.html
+++ b/allianceauth/templates/bundles/timerboard-js.html
@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}

-<script src="{% static 'allianceauth/js/timerboard.js' %}"></script>
+{% sri_static 'allianceauth/js/timerboard.js' %}
--- a/allianceauth/templates/bundles/timers-js.html
+++ b/allianceauth/templates/bundles/timers-js.html
@ -1,3 +1,3 @@
-{% load static %}
+{% load sri %}

-<script src="{% static 'allianceauth/js/timers.js' %}"></script>
+{% sri_static 'allianceauth/js/timers.js' %}
--- a/pyproject.toml
+++ b/pyproject.toml
@ -52,6 +52,7 @@ dependencies = [
    "django-registration<3.4,>=3.3",
    "django-solo",
    "django-sortedm2m",
+    "django-sri",
    "dnspython",
    "mysqlclient>=2.1",
    "openfire-restapi",