wip

gip-inclusion · Sep 20, 2023 · e2545ae · e2545ae
1 parent 1e7d599
commit e2545ae
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/config/settings/base.py b/config/settings/base.py
@@ -355,11 +355,16 @@
 # CSP
 # ---------------------------------------
 CSP_DEFAULT_SRC = ("'self'",)
+# unsafe-inline for htmx.js, embed.js & tartecitron.js needs
 CSP_STYLE_SRC = ("'self'", "https://fonts.googleapis.com", "'unsafe-inline'")
 CSP_STYLE_SRC_ELEM = CSP_STYLE_SRC
 CSP_FONT_SRC = ("'self'", "https://fonts.gstatic.com/", "data:")
-CSP_SCRIPT_SRC = ("'self'", "https://cdn.jsdelivr.net", "https://tally.so")
+CSP_SCRIPT_SRC = (
+    "'self'",
+    "https://cdn.jsdelivr.net",
+)
 CSP_SCRIPT_SRC_ELEM = CSP_SCRIPT_SRC
+CSP_FRAME_SRC = ("'self'", "https://tally.so")
 CSP_IMG_SRC = ("'self'", "data:")
 CSP_INCLUDE_NONCE_IN = ["script-src", "script-src-elem"]
 

diff --git a/lacommunaute/templates/forum_conversation/partials/posts_list.html b/lacommunaute/templates/forum_conversation/partials/posts_list.html
@@ -39,6 +39,5 @@
 </div>
 
 <script nonce="{{ request.csp_nonce }}">
-    document.getElementById(`collapseButtonPost{{topic.pk}}`).setAttribute('aria-expanded', 'false');
     document.getElementById(`showmoreposts-button{{topic.pk}}`).className = 'd-none';
 </script>
diff --git a/lacommunaute/templates/forum_conversation/partials/topic_detail_actions.html b/lacommunaute/templates/forum_conversation/partials/topic_detail_actions.html
@@ -26,7 +26,6 @@
        data-matomo-category="engagement"
        data-matomo-action="showmore"
        data-matomo-option="post"
-       onclick=DisabledMe("showmoreposts-button{{topic.pk}}")
        aria-label="{% trans "Show me the comment" %}"
        role="button"
     >