From e2545ae046770ba4a46a17b32690a1f77eac8d83 Mon Sep 17 00:00:00 2001
From: vincent porte
Date: Wed, 20 Sep 2023 15:14:47 +0200
Subject: [PATCH] wip
---
 config/settings/base.py | 7 ++++++-
 .../templates/forum_conversation/partials/posts_list.html | 1 -
 .../forum_conversation/partials/topic_detail_actions.html | 1 -
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/config/settings/base.py b/config/settings/base.py
index 3b534adf8..b90e258b2 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -355,11 +355,16 @@
 # CSP
 # ---------------------------------------
 CSP_DEFAULT_SRC = ("'self'",)
+# unsafe-inline for htmx.js, embed.js & tartecitron.js needs
 CSP_STYLE_SRC = ("'self'", "https://fonts.googleapis.com", "'unsafe-inline'")
 CSP_STYLE_SRC_ELEM = CSP_STYLE_SRC
 CSP_FONT_SRC = ("'self'", "https://fonts.gstatic.com/", "data:")
-CSP_SCRIPT_SRC = ("'self'", "https://cdn.jsdelivr.net", "https://tally.so")
+CSP_SCRIPT_SRC = (
+ "'self'",
+ "https://cdn.jsdelivr.net",
+)
 CSP_SCRIPT_SRC_ELEM = CSP_SCRIPT_SRC
+CSP_FRAME_SRC = ("'self'", "https://tally.so")
 CSP_IMG_SRC = ("'self'", "data:")
 CSP_INCLUDE_NONCE_IN = ["script-src", "script-src-elem"]
diff --git a/lacommunaute/templates/forum_conversation/partials/posts_list.html b/lacommunaute/templates/forum_conversation/partials/posts_list.html
index b551d7c48..2fa6106f2 100644
--- a/lacommunaute/templates/forum_conversation/partials/posts_list.html
+++ b/lacommunaute/templates/forum_conversation/partials/posts_list.html
@@ -39,6 +39,5 @@
diff --git a/lacommunaute/templates/forum_conversation/partials/topic_detail_actions.html b/lacommunaute/templates/forum_conversation/partials/topic_detail_actions.html
index 09e905812..7b7c81643 100644
--- a/lacommunaute/templates/forum_conversation/partials/topic_detail_actions.html
+++ b/lacommunaute/templates/forum_conversation/partials/topic_detail_actions.html
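Review bot: In config/settings/base.py, `CSP_SCRIPT_SRC` still allowlists the whole `https://cdn.jsdelivr.net` origin, and because that CDN serves arbitrary public packages, the entry permits far more script than the files this project actually loads. Since `CSP_INCLUDE_NONCE_IN` already covers `script-src` and `script-src-elem`, the host could be dropped if the CDN `<script>` tags carry the request nonce, or at least narrowed to a path such as `"https://cdn.jsdelivr.net/npm/<package>@<version>/"` (placeholder, not taken from this repo). Moving `https://tally.so` into `CSP_FRAME_SRC` presumably relies on embed.js being served from `'self'`; that is worth confirming, as the template that loads it is not part of this diff. The added comment would read more clearly as `# 'unsafe-inline' in style-src is required by htmx.js, embed.js and tartecitron.js`.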
@@ -26,7 +26,6 @@
 data-matomo-category="engagement"
 data-matomo-action="showmore"
 data-matomo-option="post"
- onclick=DisabledMe("showmoreposts-button{{topic.pk}}")
 aria-label="{% trans "Show me the comment" %}"
 role="button"
 >