override csp_nonce value for a htmx view called by legacy django view…

…, to get the same value

config/settings/base.py

@@ -101,8 +101,10 @@
 ]
 
 LOCAL_MIDDLEWARE = [
+    "lacommunaute.utils.middleware.NonceMiddleware",
     "machina.apps.forum_permission.middleware.ForumPermissionMiddleware",
     "lacommunaute.utils.middleware.VisibleForumsMiddleware",
+    "lacommunaute.utils.middleware.NonceMiddleware",
 ]
 
 MIDDLEWARE = DJANGO_MIDDLEWARE + THIRD_PARTIES_MIDDLEWARE + LOCAL_MIDDLEWARE
@@ -358,7 +360,7 @@
 CSP_SCRIPT_SRC = ("'self'", "https://cdn.jsdelivr.net", "https://tally.so")
 CSP_SCRIPT_SRC_ELEM = CSP_SCRIPT_SRC
 CSP_IMG_SRC = ("'self'", "data:")
-CSP_INCLUDE_NONCE_IN = ["script-src", "script-src-elem", "stlye-src", "style-src-elem"]
+CSP_INCLUDE_NONCE_IN = ["script-src", "script-src-elem", "style-src", "style-src-elem"]
 
 # HSTS
 # ---------------------------------------

lacommunaute/templates/pages/home.html

@@ -81,32 +81,32 @@ <h2 class="h1 mb-3 mb-lg-5">Améliorez votre pratique professionnelle :</h2>
                     <ul class="s-tabs-01__nav nav nav-tabs" role="tablist">
                         <li class="nav-item" role="presentation">
                             <a class="nav-link active" id="topics-tab"
-                                data-toggle="tab"
-                                href="#topics"
-                                role="tab"
-                                aria-controls="topics"
-                                aria-selected="true"
-                                data-matomo-category="engagement"
-                                data-matomo-action="view"
-                                data-matomo-option="topics">
+                               data-toggle="tab"
+                               href="#topics"
+                               role="tab"
+                               aria-controls="topics"
+                               aria-selected="true"
+                               data-matomo-category="engagement"
+                               data-matomo-action="view"
+                               data-matomo-option="topics">
                                 Questions/Réponses
                             </a>
                         </li>
                         <li class="nav-item" role="presentation">
                             <a id="newsfeed-topics-tab"
-                                data-toggle="tab"
-                                href="#newsfeed-topics"
-                                role="tab"
-                                aria-controls="newsfeed-topics"
-                                aria-selected="false"
-                                hx-target="#newsfeedtopicsarea"
-                                hx-swap="outerHTML"
-                                hx-get="{% url 'forum_conversation_extension:newsfeed_topics_list' %}"
-                                hx-trigger="load"
-                                class="nav-link matomo-event"
-                                data-matomo-category="engagement"
-                                data-matomo-action="loadmore"
-                                data-matomo-option="newsfeed_topic">
+                               data-toggle="tab"
+                               href="#newsfeed-topics"
+                               role="tab"
+                               aria-controls="newsfeed-topics"
+                               aria-selected="false"
+                               hx-target="#newsfeedtopicsarea"
+                               hx-swap="outerHTML"
+                               hx-get="{% url 'forum_conversation_extension:newsfeed_topics_list' %}?nonce_value={{ request.csp_nonce }}"
+                               hx-trigger="load"
+                               class="nav-link matomo-event"
+                               data-matomo-category="engagement"
+                               data-matomo-action="loadmore"
+                               data-matomo-option="newsfeed_topic">
                                 Actualités
                             </a>
                         </li>
@@ -137,15 +137,15 @@ <h2 class="h1 mb-3 mb-lg-5">Améliorez votre pratique professionnelle :</h2>
                     </ul>
                     <div class="tab-content topiclist">
                         <div class="tab-pane fade show active" id="topics"
-                            role="tabpanel"
-                            aria-labelledby="topics-tab">
+                             role="tabpanel"
+                             aria-labelledby="topics-tab">
                             {% with topics=topics %}
                                 {% include "forum_conversation/topic_list.html" %}
                             {% endwith %}
                         </div>
                         <div class="tab-pane fade" id="newsfeed-topics"
-                            role="tabpanel"
-                            aria-labelledby="newsfeed-topics-tab">
+                             role="tabpanel"
+                             aria-labelledby="newsfeed-topics-tab">
                             <div id="newsfeedtopicsarea">
                                 chargement en cours...
                             </div>

lacommunaute/utils/middleware.py

@@ -33,3 +33,16 @@ def process_request(self, request):
                 ),
             )
             store_upper_visible_forums(request, forum_visibility_content_tree.top_nodes)
+
+
+class NonceMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        nonce_value = request.GET.get("nonce_value")
+
+        if nonce_value:
+            request.csp_nonce = nonce_value
+
+        return self.get_response(request)